Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Traveler by HCLSoftware

    CVE-2026-21790 (GCVE-0-2026-21790)

    Vulnerability from nvd – Published: 2026-03-24 20:04 – Updated: 2026-03-24 20:28
    VLAI
    Title
    HCL Traveler is susceptible to a weak default HTTP header validation vulnerability
    Summary
    HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCLSoftware Traveler Affected: < 14.5.1.0
    Create a notification for this product.
    Date Public
    2026-03-24 19:49
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21790",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T20:27:58.531587Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T20:28:10.662Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Traveler",
              "vendor": "HCLSoftware",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 14.5.1.0"
                }
              ]
            }
          ],
          "datePublic": "2026-03-24T19:49:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks."
                }
              ],
              "value": "HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T20:04:28.585Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129139"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Traveler is susceptible to a weak default HTTP header validation vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2026-21790",
        "datePublished": "2026-03-24T20:04:28.585Z",
        "dateReserved": "2026-01-05T16:08:02.277Z",
        "dateUpdated": "2026-03-24T20:28:10.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21783 (GCVE-0-2026-21783)

    Vulnerability from nvd – Published: 2026-03-24 19:48 – Updated: 2026-03-24 20:31
    VLAI
    Title
    HCL Traveler is affected by sensitive information disclosure
    Summary
    HCL Traveler is affected by sensitive information disclosure.  The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.  Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of error message containing sensitive information
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCLSoftware Traveler Affected: < 14.5.1.0
    Create a notification for this product.
    Date Public
    2026-03-24 07:49
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T20:31:33.182400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T20:31:43.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Traveler",
              "vendor": "HCLSoftware",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 14.5.1.0"
                }
              ]
            }
          ],
          "datePublic": "2026-03-24T07:49:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Traveler is affected by sensitive information disclosure.\u0026nbsp; The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.\u0026nbsp; Attackers could exploit this information to gain insights into the system\u0027s architecture and potentially launch targeted attacks.\u0026nbsp;"
                }
              ],
              "value": "HCL Traveler is affected by sensitive information disclosure.\u00a0 The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.\u00a0 Attackers could exploit this information to gain insights into the system\u0027s architecture and potentially launch targeted attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of error message containing sensitive information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T19:48:39.079Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129139"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Traveler is affected by sensitive information disclosure",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2026-21783",
        "datePublished": "2026-03-24T19:48:39.079Z",
        "dateReserved": "2026-01-05T16:08:02.276Z",
        "dateUpdated": "2026-03-24T20:31:43.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21790 (GCVE-0-2026-21790)

    Vulnerability from cvelistv5 – Published: 2026-03-24 20:04 – Updated: 2026-03-24 20:28
    VLAI
    Title
    HCL Traveler is susceptible to a weak default HTTP header validation vulnerability
    Summary
    HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCLSoftware Traveler Affected: < 14.5.1.0
    Create a notification for this product.
    Date Public
    2026-03-24 19:49
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21790",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T20:27:58.531587Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T20:28:10.662Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Traveler",
              "vendor": "HCLSoftware",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 14.5.1.0"
                }
              ]
            }
          ],
          "datePublic": "2026-03-24T19:49:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks."
                }
              ],
              "value": "HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T20:04:28.585Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129139"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Traveler is susceptible to a weak default HTTP header validation vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2026-21790",
        "datePublished": "2026-03-24T20:04:28.585Z",
        "dateReserved": "2026-01-05T16:08:02.277Z",
        "dateUpdated": "2026-03-24T20:28:10.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21783 (GCVE-0-2026-21783)

    Vulnerability from cvelistv5 – Published: 2026-03-24 19:48 – Updated: 2026-03-24 20:31
    VLAI
    Title
    HCL Traveler is affected by sensitive information disclosure
    Summary
    HCL Traveler is affected by sensitive information disclosure.  The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.  Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of error message containing sensitive information
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCLSoftware Traveler Affected: < 14.5.1.0
    Create a notification for this product.
    Date Public
    2026-03-24 07:49
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T20:31:33.182400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T20:31:43.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Traveler",
              "vendor": "HCLSoftware",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 14.5.1.0"
                }
              ]
            }
          ],
          "datePublic": "2026-03-24T07:49:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HCL Traveler is affected by sensitive information disclosure.\u0026nbsp; The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.\u0026nbsp; Attackers could exploit this information to gain insights into the system\u0027s architecture and potentially launch targeted attacks.\u0026nbsp;"
                }
              ],
              "value": "HCL Traveler is affected by sensitive information disclosure.\u00a0 The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.\u00a0 Attackers could exploit this information to gain insights into the system\u0027s architecture and potentially launch targeted attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of error message containing sensitive information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T19:48:39.079Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129139"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HCL Traveler is affected by sensitive information disclosure",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2026-21783",
        "datePublished": "2026-03-24T19:48:39.079Z",
        "dateReserved": "2026-01-05T16:08:02.276Z",
        "dateUpdated": "2026-03-24T20:31:43.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }