Lucene search

IbmVULNRICHMENT:CVE-2024-39740

HistoryJul 15, 2024 - 2:11 a.m.

CVE-2024-39740 IBM Datacap Navigator information disclosure

2024-07-1502:11:20

CWE-497

ibm

github.com

ibm

datacap navigator

information disclosure

cve-2024-39740

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

Percentile

13.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
    ],
    "vendor": "IBM",
    "product": "Datacap Navigator",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/296009

www.ibm.com/support/pages/node/7160185

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

Percentile

13.5%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-39740