19 matches found
CVE-2024-39741
CVE-2024-39741 describes a path traversal vulnerability in IBM Datacap Navigator (versions 9.1.5–9.1.9). A remote attacker could craft a URL with "/.." sequences to view arbitrary files on the system, due to improper handling of path input. Affected products include Datacap Navigator and IBM Data...
CVE-2024-39732
CVE-2024-39732 affects IBM Datacap Navigator 9.1.5–9.1.9. The issue is information disclosure due to data stored temporarily from different environments that could be obtained by a malicious user. Affected versions: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9. The connected documents describe the root caus...
CVE-2024-39733
IBM Datacap Navigator 9.1.5–9.1.9 stores user credentials in plaintext, allowing local read access and exposing confidentiality. The issue is confirmed across multiple sources (NVD, Red Hat, CNVD/CVE listings). Impact is confidentiality loss (C:H) with LOCAL access and LOW/no user interaction req...
CVE-2024-39734
IBM Datacap Navigator (Datacap Navigator 9.1.5–9.1.9) does not set the secure attribute on authorization tokens or session cookies, enabling potential cookie disclosure when users click http:// links or visit pages with such links. The cited entry from IBM states the impact as cookie values being...
CVE-2024-39728
IBM Datacap Navigator 9.1.5–9.1.9 is vulnerable to stored cross-site scripting (XSS) in the Web UI, allowing embedded JavaScript that could alter functionality and potentially disclose credentials in a trusted session. Root cause/details are described as insufficient protection of the web UI agai...
CVE-2024-39735
CVE-2024-39735 affects IBM Datacap Navigator (9.1.5–9.1.9). The issue is cross-site scripting in the Web UI that allows an authenticated user to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected product family: Datacap Navigator; root cau...
CVE-2024-39729
Summary (CVE-2024-39729): IBM Datacap Navigator 9.1.5–9.1.9 is affected by an information-disclosure vulnerability enabling an authenticated user to read sensitive data from the source code. Affected products/versions: Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9. Red Hat and other sources...
CVE-2024-39739
CVE-2024-39739 affects IBM Datacap Navigator (versions 9.1.5–9.1.9). The issue is server-side request forgery (SSRF) that could allow an authenticated attacker to send unauthorized requests from the vulnerable system, enabling network enumeration or related attacks. Affected product line includes...
CVE-2024-39737
IBM Datacap Navigator 9.1.5–9.1.9 exposes detailed browser error messages that disclose sensitive information, enabling remote information disclosure. Root cause: improper error reporting containing detailed error data. Impact: information disclosure; no explicit exploit details provided in the c...
CVE-2024-39736
IBM Datacap Navigator 9.1.5–9.1.9 is affected by HTTP header injection due to improper validation of HOST headers. The vulnerability allows an attacker to perform cross-site scripting, cache poisoning, or session hijacking against vulnerable systems. Affected product/version: Datacap Navigator 9....
CVE-2024-39731
CVE-2024-39731 affects IBM Datacap Navigator 9.1.5–9.1.9, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is documented across multiple sources, including IBM’s security bulletin and Red Hat’s entry, with additional re...
CVE-2024-39740
Summary of findings : CVE-2024-39740 affects IBM Datacap Navigator (versions 9.1.5–9.1.9). The issue is an information disclosure vulnerability where version information is exposed in HTTP requests, enabling an attacker to gather details for potential future attacks. The IBM bulletin lists multip...
CVE-2018-1773
IBM Datacap Fastdoc Capture (9.1.1, 9.1.3, 9.1.4) is affected by CVE-2018-1773, an authentication bypass that could allow an authenticated user to bypass future authentication after initial login. The vendor bulletin (Datacap Taskmaster Capture, Datacap Fastdoc Capture, and Datacap Navigator) con...
CVE-2025-36026
IBM Datacap is affected for versions 9.1.7, 9.1.8, and 9.1.9. The root cause is that authorization tokens and session cookies are not marked Secure, enabling cookie exposure when a user clicks an http link or visits a site hosting the link, potentially allowing traffic snooping to obtain cookie v...
CVE-2024-39730
The CVE-2024-39730 issue affects IBM Datacap Navigator 9.1.7–9.1.9 and allows a remote attacker to hijack a victim’s click actions by luring them to a malicious site. The Red Hat bulletin and IBM/IBM X-Force references cite a CWE-451 UI misrepresentation root cause, with a CVSSv3.1 base score of ...
CVE-2025-36027
CVE-2025-36027 affects IBM Datacap 9.1.7–9.1.9. Description and Red Hat/IBM bulletin confirm a clickjacking issue where a remote attacker could exploit a malicious site to hijack the victim’s click actions (CWE-1021). Impact is UI interaction manipulation with potential for follow-on attacks; CVS...
CVE-2026-8059
CVE-2026-8059 affects IBM Datacap (versions 9.1.7–9.1.9) and IBM Datacap Navigator (9.1.7–9.1.9). It is a cross-site scripting vulnerability that allows an unauthenticated attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosur...
CVE-2026-9610
IBM Datacap (including Datacap Navigator) 9.1.7–9.1.9 exposes resources or functionality not linked in the UI but accessible via direct URL requests, bypassing access controls (CWE-425: Direct Request). Affected: IBM Datacap 9.1.7, 9.1.8, 9.1.9 and Datacap Navigator 9.1.7, 9.1.8, 9.1.9. IBM’s bul...
CVE-2026-8636
CVE-2026-8636 affects IBM Datacap (versions 9.1.7–9.1.9) and Datacap Navigator (9.1.7–9.1.9). The vulnerability allows an attacker to retrieve user passwords and cryptographic keys from memory, enabling use of those keys to decrypt passwords, gain access to the application, and access sensitive d...