Internal Path Disclosure in HCL Traveler Application
CVE-2025-0278

4.3MEDIUM

Key Information:

Vendor
HCL Software Software
Status
HCL Software Traveler
Vendor
CVE Published:
3 April 2025

Summary

HCL Traveler has a vulnerability that allows unintended exposure of internal file paths through error messages, debug logs, or user request responses. This can lead to valuable information being disclosed to attackers, potentially aiding them in navigating the system or exploiting further vulnerabilities.

Affected Version(s)

HCL Traveler <=14.0.0.1

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.