Security Bulletin: Due to use of Apache Log4j, IBM Datacap is vulnerable to arbitrary code execution (CVE-2021-4104)

Summary Apache Log4j was used by 2 of the third party components used in Datacap as part of its logging infrastructure. The fix includes Apache Log4j v.2.17.1 for one of these third party component used in Datacap. The fix removes Apache Log4j for second third party component used in Datacap...

IBM Datacap Taskmaster Capture SQL Injection Vulnerability

IBM Datacap Taskmaster Capture is a complete solution for document and data capture from IBM USA. Data and document images can be scanned, categorized, identified, validated, verified and exported quickly, accurately and cost-effectively. IBM Datacap Taskmaster Capture suffers from a SQL injectio...

CVE-2020-4902

IBM Datacap Taskmaster Capture IBM Datacap Navigator 9.1.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045...

IBM Datacap Taskmaster Capture SQL注入漏洞

IBM Datacap Taskmaster Capture is a complete solution for document and data capture from IBM USA. Data and document images can be scanned, categorized, identified, validated, verified and exported quickly, accurately and cost-effectively. IBM Datacap Taskmaster Capture suffers from a SQL injectio...

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLS_FALLBACK_SCSV

Summary The server responded with a Handshake to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLSFALLBACKSCSV Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when...

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to server supports a deprecated SSL version (either SSLv2 or SSLv3)

Summary This is a fix related to configuration rather than a code change, can be made by the system administration who would be responsible for configuring and maintaining SSL certificates Vulnerability Details Third Party Entry: PSIRT-ADV0026274 DESCRIPTION: Created from Advisory: ADV0026274 CVS...

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to weak cipher suites by successfully creating SSL connections

Summary AppScan determined that the site uses weak cipher suites by successfully creating SSL connections using each of the weak cipher suites listed here. Vulnerability Details Third Party Entry: PSIRT-ADV0026310 DESCRIPTION: Created from Advisory: ADV0026310 CVSS Base score: 5.9 CVSS Vector:...

Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to using a cookie without the "secure" attribute

Summary AppScan found that an encrypted session SSL is using a cookie without the "secure" attribute and this can be fixed by adding a setting in web.config file Vulnerability Details Third Party Entry: PSIRT-ADV0026307 DESCRIPTION: Created from Advisory: ADV0026307 CVSS Base score: 4.3 CVSS...

IBM Datacap Taskmaster Capture ActiveX未明安全漏洞

Bugtraq ID:66184 CVE ID:CVE-2014-0879 IBM Datacap Taskmaster Capture可将文档数据输入过程自动化，从而降低成本，提高文档处理效率。 IBM Datacap Taskmaster Capture所使用的ActiveX控件存在未明安全漏洞，允许攻击者利用漏洞构建恶意WEB页，诱使用户解析，执行任意代码。 0 IBM Datacap Taskmaster Capture 8.0.1 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞：...

CVE-2011-2144

The eDocument Conversion Actions implementation in IBM Datacap Taskmaster Capture 8.0.1 FP1 and earlier allows remote attackers to cause a denial of service batch abort via a long subject line in an e-mail message that is represented in a .eml file...

CVE-2011-2141

SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2011-2143

IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain...

Code injection

The eDocument Conversion Actions implementation in IBM Datacap Taskmaster Capture 8.0.1 FP1 and earlier allows remote attackers to cause a denial of service batch abort via a long subject line in an e-mail message that is represented in a .eml file...

Sql injection

SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2011-2141

CVE-2011-2141 affects IBM Datacap Taskmaster Capture 8.0.1 (TMWeb) before FP1. A SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified vectors. The connected documents confirm the affected product and the injectable nature of the vulnerability, but ...

CVE-2011-2143

IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain...