Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-30134

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-26 Sep, 2024 | 14:50
Updated At-26 Sep, 2024 | 15:23
Rejected At-
Credits

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerability

The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:26 Sep, 2024 | 14:50
Updated At:26 Sep, 2024 | 15:23
Rejected At:
▼CVE Numbering Authority (CNA)
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerability

The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.

Affected Products
Vendor
HCL Technologies Ltd.HCL Software
Product
HCL Traveler for Microsoft Outlook
Default Status
unaffected
Versions
Affected
  • <3.0.9
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114723
N/A
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114723
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
HCL Technologies Ltd.hcltech
Product
traveler
CPEs
  • cpe:2.3:a:hcltech:traveler:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 3.0.9 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295 Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295 Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:26 Sep, 2024 | 15:15
Updated At:26 Sep, 2024 | 16:35

The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-295Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-295
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114723psirt@hcl.com
N/A
Hyperlink: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114723
Source: psirt@hcl.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2021-27768
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 27.20%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 21:25
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An SSL certificate host verification vulnerability affects HCL Verse for Android

Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode while a certificate with an invalid hostname was active. The Android application was found to have hostname verification issues during the server setup and login flows; however, the application did not process requests post-login.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-verseVerse for Android
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-0254
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 14:02
Updated-20 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226.

HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication between two parties.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-HCL Digital Experience
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-42193
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-2.1||LOW
EPSS-0.05% / 13.89%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 18:16
Updated-16 Apr, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Web Reports is susceptible to a Man-In-The-Middle (MITM) attack

HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized access.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-HCL BigFix Platform
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-42186
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-2.8||LOW
EPSS-0.01% / 0.86%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 02:47
Updated-23 Jan, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support

BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-BigFix Patch Management Download Plug-ins
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-30149
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 12.49%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 08:25
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL AppScan Source is affected by an expired TLS/SSL certificate

HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-AppScan Source
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-22278
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:45
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool

A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.

Action-Not Available
Vendor-Hitachi Energy Ltd.ABB
Product-update_managerpcm600PCM600PCM600 Update Manager
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-30000
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.16%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 08:22
Updated-08 Apr, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application does not properly restrict permissions of the users. This could allow a lowly-privileged attacker to escalate their privileges.

Action-Not Available
Vendor-Siemens AG
Product-Siemens License Server (SLS)
CWE ID-CWE-295
Improper Certificate Validation
Details not found