CVE-2014-6130
IBM Notes Traveler < 9.0.1.2 - Exposure of Sensitive Information via HTTP Session Selection
Title source: llmDescription
The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21688840
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70871
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96810
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/432608
Scores
EPSS
0.0188
EPSS Percentile
77.0%
Details
CWE
CWE-200
Status
published
Products (1)
ibm/notes_traveler
< 9.0.1.2
Published
Nov 04, 2014
Tracked Since
Feb 18, 2026