CNNVD-202601-3033 Information

CNNVD ID

CNNVD-202601-3033

Related CVE

CVE-2025-52661

• CNNVD Published: 2026-01-19

Description (Chinese)

HCL AION是印度HCL公司的一款AI生命周期管理平台。 HCL AION 2版本存在安全漏洞，该漏洞源于JWT令牌过期时间过长，可能增加令牌被滥用的风险，如果令牌被泄露可能导致未经授权的访问。

Description (English)

HCL AION is an AI life-cycle management platform for HCL India. There is a security loophole in HCL AION version 2, which stems from the excessive expiration of the JWT token, which may increase the risk of its misuse if it is disclosed and may lead to unauthorized access.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

HCL

Published

2026-01-19

Last Modified

2026-02-24

References

https://support.hcl-software.com/kb_view.do?sys_kb_id=4b92474633de7ad4159a05273e5c7b4b&searchTerm=kb0127995# https://access.redhat.com/security/cve/cve-2025-52661

Patch

https://www.hcl-software.com/aion