CVE-2014-8921 — MEDIUM (4.3)

Vulnerability Description

The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Notes Traveler Companion	1.0

Related Weaknesses (CWE)

CWE-200

References

http://www-01.ibm.com/support/docview.wss?uid=swg21690582Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21690582Vendor Advisory

FAQ

What is CVE-2014-8921?

CVE-2014-8921 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the au...

How severe is CVE-2014-8921?

CVE-2014-8921 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-8921?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Notes Traveler Companion.