HCL AION is affected by a vulnerability where backend service...

4.3 / 10

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Description

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions

Basic Information

ID CVE-2025-62311

Source HCL

Published May 14, 2026 at 16:06

Affected Product

Vendor HCL

Product AION

Version 2.1.0

Affected Versions HCL AION 2.1.0

CWE Classification

CWE-319

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions",
    "published": "2026-05-14T16:06:57.015Z",
    "modified": "2026-05-14T16:06:57.015Z",
    "type": "cve",
    "title": "HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels.",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636",
    "id": "CVE-2025-62311",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "HCL AION 2.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AION",
    "version": "2.1.0",
    "vendor": "HCL",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels._CVE-2025-62311