Primary

Context

HCL Traveler Sensitive Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability allowing sensitive information disclosure has been identified in HCL Traveler versions prior to 14.5.1.0. The application generates error messages that include detailed information such as internal paths, file names, sensitive tokens, credentials, error codes, and stack traces. This verbose error messaging could be exploited by attackers to gain insights into the system's architecture and potentially launch targeted attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, allowing attackers to understand the system's architecture and possibly conduct targeted attacks.

Remediation

Users are advised to update HCL Traveler to the latest version. For additional details and links, see the HCL Traveler Fixes by Release article, which will contain the updated dependencies.

Added: Mar 24, 2026, 8:44 PM

Updated: Mar 24, 2026, 8:44 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.7

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

7.7

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Traveler Sensitive Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

HCL Traveler

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating