16 matches found
CVE-2024-39741
CVE-2024-39741 describes a path traversal vulnerability in IBM Datacap Navigator (versions 9.1.5–9.1.9). A remote attacker could craft a URL with "/.." sequences to view arbitrary files on the system, due to improper handling of path input. Affected products include Datacap Navigator and IBM Data...
CVE-2020-4935
CVE-2020-4935 affects IBM Datacap Fastdoc Capture (Datacap Navigator 9.1.7). A cross-site scripting (XSS) vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The IBM Security Bulletin confirms the issue and pro...
CVE-2024-39728
IBM Datacap Navigator 9.1.5–9.1.9 is vulnerable to stored cross-site scripting (XSS) in the Web UI, allowing embedded JavaScript that could alter functionality and potentially disclose credentials in a trusted session. Root cause/details are described as insufficient protection of the web UI agai...
CVE-2024-39735
CVE-2024-39735 affects IBM Datacap Navigator (9.1.5–9.1.9). The issue is cross-site scripting in the Web UI that allows an authenticated user to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Affected product family: Datacap Navigator; root cau...
CVE-2020-4902
CVE-2020-4902 affects IBM Datacap Taskmaster Capture, specifically its Datacap Navigator component (version 9.1.7). The vulnerability is a SQL injection originating from various input fields, potentially allowing a remote attacker to view, add, modify, or delete data in the back-end database. IBM...
CVE-2024-39729
Summary (CVE-2024-39729): IBM Datacap Navigator 9.1.5–9.1.9 is affected by an information-disclosure vulnerability enabling an authenticated user to read sensitive data from the source code. Affected products/versions: Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9. Red Hat and other sources...
CVE-2024-39737
IBM Datacap Navigator 9.1.5–9.1.9 exposes detailed browser error messages that disclose sensitive information, enabling remote information disclosure. Root cause: improper error reporting containing detailed error data. Impact: information disclosure; no explicit exploit details provided in the c...
CVE-2024-39739
CVE-2024-39739 affects IBM Datacap Navigator (versions 9.1.5–9.1.9). The issue is server-side request forgery (SSRF) that could allow an authenticated attacker to send unauthorized requests from the vulnerable system, enabling network enumeration or related attacks. Affected product line includes...
CVE-2024-39736
IBM Datacap Navigator 9.1.5–9.1.9 is affected by HTTP header injection due to improper validation of HOST headers. The vulnerability allows an attacker to perform cross-site scripting, cache poisoning, or session hijacking against vulnerable systems. Affected product/version: Datacap Navigator 9....
CVE-2024-39740
Summary of findings : CVE-2024-39740 affects IBM Datacap Navigator (versions 9.1.5–9.1.9). The issue is an information disclosure vulnerability where version information is exposed in HTTP requests, enabling an attacker to gather details for potential future attacks. The IBM bulletin lists multip...
CVE-2025-36026
IBM Datacap is affected for versions 9.1.7, 9.1.8, and 9.1.9. The root cause is that authorization tokens and session cookies are not marked Secure, enabling cookie exposure when a user clicks an http link or visits a site hosting the link, potentially allowing traffic snooping to obtain cookie v...
CVE-2025-36027
CVE-2025-36027 affects IBM Datacap 9.1.7–9.1.9. Description and Red Hat/IBM bulletin confirm a clickjacking issue where a remote attacker could exploit a malicious site to hijack the victim’s click actions (CWE-1021). Impact is UI interaction manipulation with potential for follow-on attacks; CVS...
CVE-2024-39730
The CVE-2024-39730 issue affects IBM Datacap Navigator 9.1.7–9.1.9 and allows a remote attacker to hijack a victim’s click actions by luring them to a malicious site. The Red Hat bulletin and IBM/IBM X-Force references cite a CWE-451 UI misrepresentation root cause, with a CVSSv3.1 base score of ...
CVE-2026-8059
CVE-2026-8059 affects IBM Datacap (versions 9.1.7–9.1.9) and IBM Datacap Navigator (9.1.7–9.1.9). It is a cross-site scripting vulnerability that allows an unauthenticated attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosur...
CVE-2026-8636
CVE-2026-8636 affects IBM Datacap (versions 9.1.7–9.1.9) and Datacap Navigator (9.1.7–9.1.9). The vulnerability allows an attacker to retrieve user passwords and cryptographic keys from memory, enabling use of those keys to decrypt passwords, gain access to the application, and access sensitive d...
CVE-2026-9610
IBM Datacap (including Datacap Navigator) 9.1.7–9.1.9 exposes resources or functionality not linked in the UI but accessible via direct URL requests, bypassing access controls (CWE-425: Direct Request). Affected: IBM Datacap 9.1.7, 9.1.8, 9.1.9 and Datacap Navigator 9.1.7, 9.1.8, 9.1.9. IBM’s bul...