Description
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application.
Published: 2026-06-26
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

HCL Traveler for Microsoft Outlook libraries are flagged by the operating system or security software as potentially malicious or unrecognized programs. This misclassification leads to the Traveler add‑in being blocked or prevented from loading, effectively disabling Outlook integration features such as email, calendar, or other productivity tools. The weakness is catalogued as CWE‑347, an inappropriate restriction of functionality.

Affected Systems

The vulnerability affects the HCLSoftware Traveler for Microsoft Outlook product line. No specific impacted versions are listed, so the entire range of Traveler installations is considered at risk.

Risk and Exploitability

The CVSS score of 6.7 indicates a moderate severity. The EPSS score is not provided, and the vulnerability is not listed as a Known Exploited Vulnerability in CISA KEV, suggesting that active exploitation is not reported. The likely vector involves an user or service triggering Outlook to load the Traveler libraries, resulting in the add‑in being blocked by security controls. The impact is primarily a denial of functionality rather than direct compromise of confidentiality or integrity.

Generated by OpenCVE AI on June 27, 2026 at 00:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest update or patch for HCL Traveler for Microsoft Outlook provided by the advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131417
  • If a patch is not available, temporarily disable the Traveler add‑in in Outlook or configure the operating system’s security settings to whitelist the Traveler libraries
  • Monitor HCL Software advisories and apply new updates promptly when released

Generated by OpenCVE AI on June 27, 2026 at 00:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech traveler For Microsoft Outlook
Vendors & Products Hcltech
Hcltech traveler For Microsoft Outlook

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1104 CWE-347

Fri, 26 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application.
Title HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerability
Weaknesses CWE-1104
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

Hcltech Traveler For Microsoft Outlook
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-06-29T13:19:20.629Z

Reserved: 2024-01-18T07:30:10.661Z

Link: CVE-2024-23581

cve-icon Vulnrichment

Updated: 2026-06-29T13:19:17.123Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T19:45:02Z

Weaknesses
  • CWE-347

    Improper Verification of Cryptographic Signature