Lucene search
K
IbmDatacap

19 matches found

CVE
CVE
added 2024/07/15 2:9 a.m.79 views

CVE-2024-39741

CVE-2024-39741 describes a path traversal vulnerability in IBM Datacap Navigator (versions 9.1.5–9.1.9). A remote attacker could craft a URL with "/.." sequences to view arbitrary files on the system, due to improper handling of path input. Affected products include Datacap Navigator and IBM Data...

5.3CVSS4.7AI score0.00678EPSS
CVE
CVE
added 2024/07/14 12:39 p.m.76 views

CVE-2024-39732

CVE-2024-39732 affects IBM Datacap Navigator 9.1.5–9.1.9. The issue is information disclosure due to data stored temporarily from different environments that could be obtained by a malicious user. Affected versions: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9. The connected documents describe the root caus...

7.5CVSS4.6AI score0.00192EPSS
CVE
CVE
added 2024/07/14 12:41 p.m.76 views

CVE-2024-39733

IBM Datacap Navigator 9.1.5–9.1.9 stores user credentials in plaintext, allowing local read access and exposing confidentiality. The issue is confirmed across multiple sources (NVD, Red Hat, CNVD/CVE listings). Impact is confidentiality loss (C:H) with LOCAL access and LOW/no user interaction req...

5.5CVSS5.1AI score0.00144EPSS
CVE
CVE
added 2024/07/14 12:38 p.m.76 views

CVE-2024-39734

IBM Datacap Navigator (Datacap Navigator 9.1.5–9.1.9) does not set the secure attribute on authorization tokens or session cookies, enabling potential cookie disclosure when users click http:// links or visit pages with such links. The cited entry from IBM states the impact as cookie values being...

4.3CVSS4.2AI score0.00233EPSS
CVE
CVE
added 2024/07/15 1:34 a.m.70 views

CVE-2024-39728

IBM Datacap Navigator 9.1.5–9.1.9 is vulnerable to stored cross-site scripting (XSS) in the Web UI, allowing embedded JavaScript that could alter functionality and potentially disclose credentials in a trusted session. Root cause/details are described as insufficient protection of the web UI agai...

6.4CVSS5.5AI score0.00341EPSS
CVE
CVE
added 2024/07/15 2:5 a.m.68 views

CVE-2024-39735

CVE-2024-39735 affects IBM Datacap Navigator (9.1.5–9.1.9). The issue is cross-site scripting in the Web UI that allows an authenticated user to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected product family: Datacap Navigator; root cau...

5.4CVSS5.2AI score0.00304EPSS
CVE
CVE
added 2024/07/15 2:7 a.m.65 views

CVE-2024-39729

Summary (CVE-2024-39729): IBM Datacap Navigator 9.1.5–9.1.9 is affected by an information-disclosure vulnerability enabling an authenticated user to read sensitive data from the source code. Affected products/versions: Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9. Red Hat and other sources...

4.3CVSS4.2AI score0.00408EPSS
CVE
CVE
added 2024/07/15 1:25 a.m.65 views

CVE-2024-39739

CVE-2024-39739 affects IBM Datacap Navigator (versions 9.1.5–9.1.9). The issue is server-side request forgery (SSRF) that could allow an authenticated attacker to send unauthorized requests from the vulnerable system, enabling network enumeration or related attacks. Affected product line includes...

5.4CVSS4.8AI score0.00241EPSS
CVE
CVE
added 2024/07/15 1:27 a.m.64 views

CVE-2024-39737

IBM Datacap Navigator 9.1.5–9.1.9 exposes detailed browser error messages that disclose sensitive information, enabling remote information disclosure. Root cause: improper error reporting containing detailed error data. Impact: information disclosure; no explicit exploit details provided in the c...

5.4CVSS5AI score0.00358EPSS
CVE
CVE
added 2024/07/15 1:28 a.m.63 views

CVE-2024-39736

IBM Datacap Navigator 9.1.5–9.1.9 is affected by HTTP header injection due to improper validation of HOST headers. The vulnerability allows an attacker to perform cross-site scripting, cache poisoning, or session hijacking against vulnerable systems. Affected product/version: Datacap Navigator 9....

9.8CVSS6.5AI score0.00366EPSS
CVE
CVE
added 2024/07/15 1:36 a.m.57 views

CVE-2024-39731

CVE-2024-39731 affects IBM Datacap Navigator 9.1.5–9.1.9, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is documented across multiple sources, including IBM’s security bulletin and Red Hat’s entry, with additional re...

7.5CVSS5.8AI score0.0028EPSS
CVE
CVE
added 2024/07/15 2:11 a.m.55 views

CVE-2024-39740

Summary of findings : CVE-2024-39740 affects IBM Datacap Navigator (versions 9.1.5–9.1.9). The issue is an information disclosure vulnerability where version information is exposed in HTTP requests, enabling an attacker to gather details for potential future attacks. The IBM bulletin lists multip...

5.3CVSS4.4AI score0.00371EPSS
CVE
CVE
added 2018/09/12 2:0 p.m.51 views

CVE-2018-1773

IBM Datacap Fastdoc Capture (9.1.1, 9.1.3, 9.1.4) is affected by CVE-2018-1773, an authentication bypass that could allow an authenticated user to bypass future authentication after initial login. The vendor bulletin (Datacap Taskmaster Capture, Datacap Fastdoc Capture, and Datacap Navigator) con...

4.3CVSS4.5AI score0.01417EPSS
CVE
CVE
added 2025/06/28 12:49 a.m.29 views

CVE-2025-36026

IBM Datacap is affected for versions 9.1.7, 9.1.8, and 9.1.9. The root cause is that authorization tokens and session cookies are not marked Secure, enabling cookie exposure when a user clicks an http link or visits a site hosting the link, potentially allowing traffic snooping to obtain cookie v...

4.3CVSS6AI score0.00138EPSS
CVE
CVE
added 2025/06/28 12:36 a.m.27 views

CVE-2024-39730

The CVE-2024-39730 issue affects IBM Datacap Navigator 9.1.7–9.1.9 and allows a remote attacker to hijack a victim’s click actions by luring them to a malicious site. The Red Hat bulletin and IBM/IBM X-Force references cite a CWE-451 UI misrepresentation root cause, with a CVSSv3.1 base score of ...

5.4CVSS6.4AI score0.00199EPSS
CVE
CVE
added 2025/06/28 12:51 a.m.27 views

CVE-2025-36027

CVE-2025-36027 affects IBM Datacap 9.1.7–9.1.9. Description and Red Hat/IBM bulletin confirm a clickjacking issue where a remote attacker could exploit a malicious site to hijack the victim’s click actions (CWE-1021). Impact is UI interaction manipulation with potential for follow-on attacks; CVS...

5.4CVSS6.4AI score0.00195EPSS
CVE
CVE
added 2026/06/22 2:13 p.m.10 views

CVE-2026-8059

CVE-2026-8059 affects IBM Datacap (versions 9.1.7–9.1.9) and IBM Datacap Navigator (9.1.7–9.1.9). It is a cross-site scripting vulnerability that allows an unauthenticated attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosur...

6.1CVSS5.5AI score0.00169EPSS
CVE
CVE
added 2026/06/22 2:22 p.m.10 views

CVE-2026-9610

IBM Datacap (including Datacap Navigator) 9.1.7–9.1.9 exposes resources or functionality not linked in the UI but accessible via direct URL requests, bypassing access controls (CWE-425: Direct Request). Affected: IBM Datacap 9.1.7, 9.1.8, 9.1.9 and Datacap Navigator 9.1.7, 9.1.8, 9.1.9. IBM’s bul...

5.3CVSS5.8AI score0.00189EPSS
CVE
CVE
added 2026/06/22 2:16 p.m.9 views

CVE-2026-8636

CVE-2026-8636 affects IBM Datacap (versions 9.1.7–9.1.9) and Datacap Navigator (9.1.7–9.1.9). The vulnerability allows an attacker to retrieve user passwords and cryptographic keys from memory, enabling use of those keys to decrypt passwords, gain access to the application, and access sensitive d...

7.5CVSS5.9AI score0.00146EPSS