CVE-2024-39733

2024-07-1413:15:21

CWE-522

CWE-256

[email protected]

web.nvd.nist.gov

ibm datacap navigator

user credentials

plain text

security vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.3%

JSON

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.

Affected configurations

Nvd

Node

ibmdatacapMatch9.1.5

ibmdatacapMatch9.1.6

ibmdatacapMatch9.1.7

ibmdatacapMatch9.1.8

ibmdatacapMatch9.1.9

VendorProductVersionCPE
ibmdatacap9.1.5cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*
ibmdatacap9.1.6cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*
ibmdatacap9.1.7cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*
ibmdatacap9.1.8cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*
ibmdatacap9.1.9cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	datacap	9.1.5	cpe:2.3:a:ibm:datacap:9.1.5:::::::*
ibm	datacap	9.1.6	cpe:2.3:a:ibm:datacap:9.1.6:::::::*
ibm	datacap	9.1.7	cpe:2.3:a:ibm:datacap:9.1.7:::::::*
ibm	datacap	9.1.8	cpe:2.3:a:ibm:datacap:9.1.8:::::::*
ibm	datacap	9.1.9	cpe:2.3:a:ibm:datacap:9.1.9:::::::*