Description
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21690582
Scores
EPSS
0.0179
EPSS Percentile
75.7%
Details
CWE
CWE-200
Status
published
Products (2)
ibm/notes_traveler_companion
1.0
ibm/notes_traveler_companion
1.1
Published
Mar 02, 2015
Tracked Since
Feb 18, 2026