Internal Path Disclosure in HCL Traveler Application
CVE-2025-0278
4.3MEDIUM
Key Information:
- Vendor
- HCL Software Software
- Status
- HCL Software Traveler
- Vendor
- CVE Published:
- 3 April 2025
Summary
HCL Traveler has a vulnerability that allows unintended exposure of internal file paths through error messages, debug logs, or user request responses. This can lead to valuable information being disclosed to attackers, potentially aiding them in navigating the system or exploiting further vulnerabilities.
Affected Version(s)
HCL Traveler <=14.0.0.1
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved