Primary

Context

HCL Traveler Weak Default HTTP Header Validation Vulnerability Allowing Authentication Bypass

Vulnerability

Patched

A vulnerability exists in HCL Traveler versions prior to 14.5.1.0, related to weak default HTTP header validation. This flaw could enable an attacker to bypass certain authentication checks, potentially leading to unauthorized access or actions.

Impact

Exploitation of this vulnerability could allow an attacker to bypass authentication checks, potentially leading to unauthorized access or actions within the application.

Remediation

Users are advised to update HCL Traveler to the latest version. For details on fixes by release, consult the HCL Traveler Fixes by Release article.

Added: Mar 24, 2026, 9:35 PM

Updated: Mar 24, 2026, 9:35 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

6.3

remediation

7.7

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

6.3

remediation

7.7

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Traveler Weak Default HTTP Header Validation Vulnerability Allowing Authentication Bypass

Vulnerability

Impact

Remediation

Affected Products

HCL Traveler

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating