File Path Resolution Vulnerability in HCL AppScan Traffic Recorder
CVE-2024-30143

4.3MEDIUM

Key Information:

Vendor
HCL Software Software
Status
HCL Software Appscan Traffic Recorder
Vendor
CVE Published:
13 March 2025

Summary

The HCL AppScan Traffic Recorder exhibits a vulnerability that fails to properly sanitize special characters in filenames. This oversight could allow attackers to manipulate file paths, leading to potential breaches where the application resolves to unauthorized directories. Successful exploitation may result in disruption, unauthorized access, or even complete control over the affected system, posing significant risks to both application integrity and user data.

Affected Version(s)

HCL AppScan Traffic Recorder <= 1.0.6

References

https://support.hcl-software.com/csm?id=kb_article&syspar...
https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.