Lucene search

IbmVULNRICHMENT:CVE-2024-39737

HistoryJul 15, 2024 - 1:27 a.m.

CVE-2024-39737 IBM Datacap Navigator information disclosure

2024-07-1501:27:07

CWE-209

ibm

github.com

ibm

datacap navigator

information disclosure

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

Confidence

Low

EPSS

Percentile

13.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
    ],
    "vendor": "IBM",
    "product": "Datacap Navigator",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/296004

www.ibm.com/support/pages/node/7160185

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

Confidence

Low

EPSS

Percentile

13.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-39737