HCL AION is affected by a vulnerability where sensitive information...

2.6 / 10

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

Description

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.

Basic Information

ID CVE-2025-62317

Source HCL

Published May 14, 2026 at 16:13

Affected Product

Vendor HCL

Product AION

Version 2.1.0

Affected Versions HCL AION 2.1.0

CWE Classification

CWE-598

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.",
    "published": "2026-05-14T16:13:34.907Z",
    "modified": "2026-05-14T16:13:34.907Z",
    "type": "cve",
    "title": "HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636",
    "id": "CVE-2025-62317",
    "bulletinFamily": "",
    "cwe": [
        "CWE-598"
    ],
    "cvelist": null,
    "sourceData": "HCL AION 2.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 2.6,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AION",
    "version": "2.1.0",
    "vendor": "HCL",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters._CVE-2025-62317