CVE-2014-6130

IBM Notes Traveler < 9.0.1.2 - Exposure of Sensitive Information via HTTP Session Selection

Title source: llm
STIX 2.1

Description

The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21688840
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70871
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96810
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/432608

Scores

EPSS 0.0188
EPSS Percentile 77.0%

Details

CWE
CWE-200
Status published
Products (1)
ibm/notes_traveler < 9.0.1.2
Published Nov 04, 2014
Tracked Since Feb 18, 2026