CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14264
https://notcve.org/view.php?id=CVE-2020-14264
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" HCL Traveler Companion es vulnerable a una vulnerabilidad de proceso criptográfico débil de iOS por medio del SDK MobileIron AppConnect incluido • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0092787 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14263
https://notcve.org/view.php?id=CVE-2020-14263
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" HCL Traveler Companion es vulnerable a una vulnerabilidad de proceso criptográfico débil de iOS por medio del SDK MobileIron AppConnect incluido • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0091691 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4409
https://notcve.org/view.php?id=CVE-2019-4409
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entered file name. If the file name is not escaped in the returned error page, it could expose a cross-site scripting (XSS) vulnerability. HCL Traveler versiones 9.x y anteriores, son susceptibles a ataques de tipo cross-site scripting. • https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0073231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •