Vulnerability-Lookup

CNVD-2023-84332

Vulnerability from cnvd - Published: 2023-11-10

Title

HCL Technologies Traveler Companion信息泄露漏洞

Description

HCL Technologies Traveler Companion是美国HCL Technologies公司的一款ios Iphone和Ipad应用程序。用于在Apple设备上阅读加密的Hcl Notes邮件。 HCL Technologies Traveler Companion存在信息泄露漏洞，攻击者可利用此漏洞获取敏感信息。

Severity

中

Patch Name

HCL Technologies Traveler Companion信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106691

Reference

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106691 https://cxsecurity.com/cveshow/CVE-2023-37512/

Impacted products

Name
HCL Technologies Traveler Companion <12.0.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-37512",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-37512"
    }
  },
  "description": "HCL Technologies Traveler Companion\u662f\u7f8e\u56fdHCL Technologies\u516c\u53f8\u7684\u4e00\u6b3eios Iphone\u548cIpad\u5e94\u7528\u7a0b\u5e8f\u3002\u7528\u4e8e\u5728Apple\u8bbe\u5907\u4e0a\u9605\u8bfb\u52a0\u5bc6\u7684Hcl Notes\u90ae\u4ef6\u3002\n\nHCL Technologies Traveler Companion\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0106691",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-84332",
  "openTime": "2023-11-10",
  "patchDescription": "HCL Technologies Traveler Companion\u662f\u7f8e\u56fdHCL Technologies\u516c\u53f8\u7684\u4e00\u6b3eios Iphone\u548cIpad\u5e94\u7528\u7a0b\u5e8f\u3002\u7528\u4e8e\u5728Apple\u8bbe\u5907\u4e0a\u9605\u8bfb\u52a0\u5bc6\u7684Hcl Notes\u90ae\u4ef6\u3002\r\n\r\nHCL Technologies Traveler Companion\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HCL Technologies Traveler Companion\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "HCL Technologies Traveler Companion \u003c12.0.6"
  },
  "referenceLink": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0106691\r\nhttps://cxsecurity.com/cveshow/CVE-2023-37512/",
  "serverity": "\u4e2d",
  "submitTime": "2023-08-15",
  "title": "HCL Technologies Traveler Companion\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2023-37512 (GCVE-0-2023-37512)

Vulnerability from cvelistv5 – Published: 2023-08-11 00:34 – Updated: 2024-10-04 13:05

Title

HCL Traveler Companion is vulnerable to revealing sensitive information via the task switcher

Summary

When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Assigner

HCL

References

URL

Tags

https://support.hcltechsw.com/csm?id=kb_article&s…

Impacted products

	Vendor	Product	Version
	HCL Software	HCL Traveler Companion	Affected: < 12.0.6

Date Public ?

2023-08-10 22:27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:16:30.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0106691"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37512",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T13:04:17.112897Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T13:05:54.758Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HCL Traveler Companion",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 12.0.6"
            }
          ]
        }
      ],
      "datePublic": "2023-08-10T22:27:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-11T00:34:17.647Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0106691"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL Traveler Companion is vulnerable to revealing sensitive information via the task switcher",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2023-37512",
    "datePublished": "2023-08-11T00:34:17.647Z",
    "dateReserved": "2023-07-06T16:11:40.095Z",
    "dateUpdated": "2024-10-04T13:05:54.758Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-84332

CVE-2023-37512 (GCVE-0-2023-37512)

Tags

Sightings

Nomenclature