CVE-2025-52646
MEDIUM WAF: High
CVSS 5.3
Published: 2026-03-16
CWE-89
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hcltech | aion | 2.0 - 2.1.2 |
References
- support.hcl-software.com (Vendor Advisory)