Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
AnalysisAI
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Affected products include: Ibm Traveler. Version information: before 9.0.1.12.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via t
A critical PHP object injection vulnerability exists in the Shinetheme Traveler WordPress theme due to insecure deserial
HCL Traveler contains a weak default HTTP header validation vulnerability (CWE-346) that allows authenticated attackers
The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. Rated medium severity (CVSS 5.4),
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). Rated medium
HCL Traveler contains a sensitive information disclosure vulnerability where error messages expose internal system detai
HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal
HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reve
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today