Traveler For Microsoft Outlook
Monthly
Sensitive application data exposure in HCL Traveler for Microsoft Outlook (HTMO) allows a local low-privileged attacker to read sensitive information - likely credentials, tokens, or session data written to application log files (CWE-532) - potentially enabling follow-on attacks against connected systems. The CVSS vector confirms local access with low privileges is sufficient to achieve high confidentiality impact, with no integrity or availability consequences. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sensitive application data exposure in HCL Traveler for Microsoft Outlook (HTMO) allows a local low-privileged attacker to read sensitive information - likely credentials, tokens, or session data written to application log files (CWE-532) - potentially enabling follow-on attacks against connected systems. The CVSS vector confirms local access with low privileges is sufficient to achieve high confidentiality impact, with no integrity or availability consequences. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.