4.3

CVE-2025-0279

Medienbericht

EPSS 0.04%
Veröffentlicht 03.04.2025 21:48:01
Zuletzt bearbeitet 10.10.2025 16:47:02
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.  Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Traveler Version <= 14.0.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.13

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@hcl.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://www.heise.de/news/HCL-Sicherheitsluecken-in-BigFix-DevOps-und-mehr-Produkten-10344571.html

Medienbericht

heise Security

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120336

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-0279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0279

EUVD