4.3

CVE-2025-0279

Medienbericht

EPSS 0.44%
Veröffentlicht 03.04.2025 21:48:01
Zuletzt bearbeitet 10.10.2025 16:47:02
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL Traveler is affected by generation of error messages containing sensitive information

HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.  Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Traveler Version <= 14.0.0.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.633

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@hcl.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://www.heise.de/news/HCL-Sicherheitsluecken-in-BigFix-DevOps-und-mehr-Produkten-10344571.html

Media Report

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120336

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-0279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0279

EUVD