Phishing Vulnerability in IBM Notes Traveler Companion for Windows Phone
CVE-2014-8921

Currently unrated

Key Information:

Vendor: IBM
Status: Notes Traveler Companion
Vendor: CVE Published:; 2 March 2015

Summary

The IBM Notes Traveler Companion application for Windows Phone versions 1.0 and 1.1 prior to the 201411010515 update displays a vulnerability whereby it fails to adequately restrict the number of executions of its automatic configuration feature. This oversight can potentially allow remote attackers to exploit the application by orchestrating phishing attacks through encrypted email messages, ultimately leading to the unauthorized capture of user credentials. Organizations utilizing this application should take immediate steps to update their software to mitigate associated risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21690582

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 2, 2015
Vulnerability Reserved
Nov 14, 2014