Lucene search

IbmVULNRICHMENT:CVE-2024-39729

HistoryJul 15, 2024 - 2:07 a.m.

CVE-2024-39729 IBM Datacap Navigator information disclosure

2024-07-1502:07:10

CWE-540

ibm

github.com

ibm

datacap

navigator

information disclosure

vulnerability

authenticated user

sensitive information

source code

attacks

system

x-force id

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

Percentile

13.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.

CNA Affected

[
  {
    "vendor": "IBM",
    "product": "Datacap Navigator",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/295968

www.ibm.com/support/pages/node/7160185

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

Percentile

13.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-39729