HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks

Description

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system

Affected Products

Vendor	Product	Versions
hcl	aion	< 2.1.2

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410(Vendor Advisory)

CVSS 3.14.8 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

2.1.2

CWECWE-347

PublishedMar 16, 2026

Last enriched11h ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks

Description

Affected Products

References

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline