Information Disclosure Vulnerability in HCL Traveler
CVE-2025-0279

4.3MEDIUM

Key Information:

Vendor: HCL Software Software
Status: HCL Software Traveler
Vendor: CVE Published:; 3 April 2025

Summary

HCL Traveler is susceptible to an information disclosure vulnerability where error messages may inadvertently expose sensitive details such as internal file paths, credentials, and error codes. This leakage of critical data can help attackers to form a clearer picture of the underlying system architecture, potentially leading to targeted and more sophisticated attacks. Organizations utilizing HCL Traveler should consider implementing safeguards to mitigate the risks associated with this vulnerability.

Affected Version(s)

HCL Traveler <=14.0.0.1

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Jan 6, 2025