Vulnerabilites related to ibm - datacap
CVE-2024-39733 (GCVE-0-2024-39733)
Vulnerability from cvelistv5
Published
2024-07-14 12:41
Modified
2024-09-21 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-256 - Plaintext Storage of a Password
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/295972 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:29:22.617276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:29:31.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-21T10:00:11.703Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295972"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39733",
"datePublished": "2024-07-14T12:41:47.696Z",
"dateReserved": "2024-06-28T09:34:35.181Z",
"dateUpdated": "2024-09-21T10:00:11.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39728 (GCVE-0-2024-39728)
Vulnerability from cvelistv5
Published
2024-07-15 01:34
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/295967 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:44:34.100711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T20:24:06.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T01:34:22.464Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295967"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39728",
"datePublished": "2024-07-15T01:34:22.464Z",
"dateReserved": "2024-06-28T09:34:20.322Z",
"dateUpdated": "2024-08-02T04:26:15.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39732 (GCVE-0-2024-39732)
Vulnerability from cvelistv5
Published
2024-07-14 12:39
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-316 - Cleartext Storage of Sensitive Information in Memory
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/295791 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T16:37:22.578539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T16:38:09.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295791"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316 Cleartext Storage of Sensitive Information in Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-14T12:40:22.313Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295791"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39732",
"datePublished": "2024-07-14T12:39:59.599Z",
"dateReserved": "2024-06-28T09:34:20.323Z",
"dateUpdated": "2024-08-02T04:26:16.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39729 (GCVE-0-2024-39729)
Vulnerability from cvelistv5
Published
2024-07-15 02:07
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-540 - Information Exposure Through Source Code
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/295968 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:26:05.167944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:26:18.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-540",
"description": "CWE-540 Information Exposure Through Source Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T02:07:10.919Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39729",
"datePublished": "2024-07-15T02:07:10.919Z",
"dateReserved": "2024-06-28T09:34:20.322Z",
"dateUpdated": "2024-08-02T04:26:16.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1773 (GCVE-0-2018-1773)
Vulnerability from cvelistv5
Published
2018-09-12 14:00
Modified
2024-09-17 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Bypass Security
Summary
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105340 | vdb-entry, x_refsource_BID | |
| https://www.ibm.com/support/docview.wss?uid=ibm10729013 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/148691 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105340"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729013"
},
{
"name": "ibm-datacap-cve20181773-sec-bypass(148691)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Datacap",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.1"
},
{
"status": "affected",
"version": "9.1.3"
},
{
"status": "affected",
"version": "9.1.4"
}
]
}
],
"datePublic": "2018-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-15T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "105340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105340"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729013"
},
{
"name": "ibm-datacap-cve20181773-sec-bypass(148691)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148691"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-10T00:00:00",
"ID": "CVE-2018-1773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Datacap",
"version": {
"version_data": [
{
"version_value": "9.1.1"
},
{
"version_value": "9.1.3"
},
{
"version_value": "9.1.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105340"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729013",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729013"
},
{
"name": "ibm-datacap-cve20181773-sec-bypass(148691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148691"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1773",
"datePublished": "2018-09-12T14:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:30:59.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36026 (GCVE-0-2025-36026)
Vulnerability from cvelistv5
Published
2025-06-28 00:49
Modified
2025-08-24 11:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
IBM Datacap 9.1.7, 9.1.8, and 9.1.9
does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7238443 | vendor-advisory, patch |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:41:32.341241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:41:43.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.7"
},
{
"status": "affected",
"version": "9.1.8"
},
{
"status": "affected",
"version": "9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.\u003c/span\u003e"
}
],
"value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\ndoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:38:32.866Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7238443"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly suggests that you address the vulnerabilities now for all the affected products/versions listed above by installing Fix.\u003cbr\u003e\u003cbr\u003eSee the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7231588\"\u003ehttps://www.ibm.com/support/pages/node/7231588\u003c/a\u003e\u0026nbsp;readme for details.\u003cbr\u003e"
}
],
"value": "IBM strongly suggests that you address the vulnerabilities now for all the affected products/versions listed above by installing Fix.\n\nSee the https://www.ibm.com/support/pages/node/7231588 \u00a0readme for details."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36026",
"datePublished": "2025-06-28T00:49:54.932Z",
"dateReserved": "2025-04-15T21:16:08.835Z",
"dateUpdated": "2025-08-24T11:38:32.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39734 (GCVE-0-2024-39734)
Vulnerability from cvelistv5
Published
2024-07-14 12:38
Modified
2025-03-25 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- 614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:30:31.191454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:39:33.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-14T12:38:03.320Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39734",
"datePublished": "2024-07-14T12:38:03.320Z",
"dateReserved": "2024-06-28T09:34:35.182Z",
"dateUpdated": "2025-03-25T16:39:33.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39737 (GCVE-0-2024-39737)
Vulnerability from cvelistv5
Published
2024-07-15 01:27
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/296004 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T12:23:17.148607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T12:23:24.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T01:27:07.662Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296004"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39737",
"datePublished": "2024-07-15T01:27:07.662Z",
"dateReserved": "2024-06-28T09:34:35.182Z",
"dateUpdated": "2024-08-02T04:26:15.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39740 (GCVE-0-2024-39740)
Vulnerability from cvelistv5
Published
2024-07-15 02:11
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-497 - Exposure of System Data to an Unauthorized Control Sphere
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/296009 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T15:53:06.657396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T15:53:37.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T02:11:20.973Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296009"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39740",
"datePublished": "2024-07-15T02:11:20.973Z",
"dateReserved": "2024-06-28T09:34:35.182Z",
"dateUpdated": "2024-08-02T04:26:15.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39741 (GCVE-0-2024-39741)
Vulnerability from cvelistv5
Published
2024-07-15 02:09
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/296010 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T14:02:44.927440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T14:03:00.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T02:09:40.787Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator directory traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39741",
"datePublished": "2024-07-15T02:09:40.787Z",
"dateReserved": "2024-06-28T09:34:35.183Z",
"dateUpdated": "2024-08-02T04:26:16.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39735 (GCVE-0-2024-39735)
Vulnerability from cvelistv5
Published
2024-07-15 02:05
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/296002 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T12:56:36.189889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T12:57:01.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T02:05:09.065Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39735",
"datePublished": "2024-07-15T02:05:09.065Z",
"dateReserved": "2024-06-28T09:34:35.182Z",
"dateUpdated": "2024-08-02T04:26:16.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39739 (GCVE-0-2024-39739)
Vulnerability from cvelistv5
Published
2024-07-15 01:25
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/296008 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T15:20:33.791568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T13:21:59.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T01:25:48.329Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296008"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator server-side request forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39739",
"datePublished": "2024-07-15T01:25:48.329Z",
"dateReserved": "2024-06-28T09:34:35.182Z",
"dateUpdated": "2024-08-02T04:26:16.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39736 (GCVE-0-2024-39736)
Vulnerability from cvelistv5
Published
2024-07-15 01:28
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/296003 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T19:03:20.416504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:04:21.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.\u003c/span\u003e\n\n"
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T01:32:43.826Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator HTTP HOST header injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39736",
"datePublished": "2024-07-15T01:28:53.462Z",
"dateReserved": "2024-06-28T09:34:35.182Z",
"dateUpdated": "2024-08-02T04:26:16.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39731 (GCVE-0-2024-39731)
Vulnerability from cvelistv5
Published
2024-07-15 01:36
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/295970 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Datacap Navigator |
Version: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:27:56.751816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:28:07.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295970"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T01:36:11.783Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295970"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39731",
"datePublished": "2024-07-15T01:36:11.783Z",
"dateReserved": "2024-06-28T09:34:20.323Z",
"dateUpdated": "2024-08-02T04:26:15.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36027 (GCVE-0-2025-36027)
Vulnerability from cvelistv5
Published
2025-06-28 00:51
Modified
2025-08-24 11:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Summary
IBM Datacap 9.1.7, 9.1.8, and 9.1.9
could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7238443 | vendor-advisory, patch |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:45:19.978180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:45:45.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.7"
},
{
"status": "affected",
"version": "9.1.8"
},
{
"status": "affected",
"version": "9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\n\n\ncould allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:39:15.170Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7238443"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly suggests that you address the vulnerabilities now for all the affected products/versions listed above by installing Fix.\u003cbr\u003e\u003cbr\u003eSee the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7231588\"\u003ehttps://www.ibm.com/support/pages/node/7231588\u003c/a\u003e\u0026nbsp;readme for details.\u003cbr\u003e"
}
],
"value": "IBM strongly suggests that you address the vulnerabilities now for all the affected products/versions listed above by installing Fix.\n\nSee the https://www.ibm.com/support/pages/node/7231588 \u00a0readme for details."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap clickjacking",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36027",
"datePublished": "2025-06-28T00:51:07.042Z",
"dateReserved": "2025-04-15T21:16:08.835Z",
"dateUpdated": "2025-08-24T11:39:15.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39730 (GCVE-0-2024-39730)
Vulnerability from cvelistv5
Published
2025-06-28 00:36
Modified
2025-08-24 11:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Summary
IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7238443 | vendor-advisory, patch |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:39:32.944197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:39:47.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.7"
},
{
"status": "affected",
"version": "9.1.8"
},
{
"status": "affected",
"version": "9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim."
}
],
"value": "IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:37:28.863Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7238443"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly suggests that you address the vulnerabilities now for all the affected products/versions listed above by installing Fix.\u003cbr\u003e\u003cbr\u003eSee the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7231588\"\u003ehttps://www.ibm.com/support/pages/node/7231588\u003c/a\u003e\u0026nbsp;readme for details.\u003cbr\u003e"
}
],
"value": "IBM strongly suggests that you address the vulnerabilities now for all the affected products/versions listed above by installing Fix.\n\nSee the https://www.ibm.com/support/pages/node/7231588 \u00a0readme for details."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap clickjacking",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39730",
"datePublished": "2025-06-28T00:36:51.884Z",
"dateReserved": "2024-06-28T09:34:20.323Z",
"dateUpdated": "2025-08-24T11:37:28.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-07-14 13:15
Modified
2024-11-21 09:28
Severity ?
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 almacena temporalmente datos de diferentes entornos que podr\u00eda obtener un usuario malintencionado. ID de IBM X-Force: 295791."
}
],
"id": "CVE-2024-39732",
"lastModified": "2024-11-21T09:28:18.637",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-14T13:15:20.433",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Not Applicable"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295791"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-316"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-28 01:15
Modified
2025-07-01 14:28
Severity ?
Summary
IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7238443 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.7, 9.1.8 y 9.1.9 podr\u00eda permitir que un atacante remoto secuestre la acci\u00f3n de clic de la v\u00edctima. Al persuadir a la v\u00edctima a visitar un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar sus acciones de clic y posiblemente lanzar nuevos ataques contra ella."
}
],
"id": "CVE-2024-39730",
"lastModified": "2025-07-01T14:28:11.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-06-28T01:15:24.740",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7238443"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-12 14:29
Modified
2024-11-21 04:00
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105340 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/148691 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10729013 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105340 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/148691 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10729013 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF1CD3E-A6F1-4710-A843-1312840BC686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2611CD6-26D5-4B7F-BAE0-4977A8C1F257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F71D142-18EF-41E5-BB72-E0CDDABD3A9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691."
},
{
"lang": "es",
"value": "IBM Datacap Fastdoc Capture 9.1.1, 9.1.3 y 9.1.4 podr\u00eda permitir que un usuario autenticado omita mecanismos de autenticaci\u00f3n futuros una vez se ha completado el primer inicio de sesi\u00f3n. IBM X-Force ID: 148691."
}
],
"id": "CVE-2018-1773",
"lastModified": "2024-11-21T04:00:20.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-12T14:29:01.140",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105340"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148691"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729013"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 02:15
Modified
2024-11-21 09:28
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/295970 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/295970 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Not Applicable |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 295970."
}
],
"id": "CVE-2024-39731",
"lastModified": "2024-11-21T09:28:18.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T02:15:05.670",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295970"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Not Applicable"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 03:15
Modified
2024-11-21 09:28
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/296002 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/296002 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a un usuario autenticado incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 296002."
}
],
"id": "CVE-2024-39735",
"lastModified": "2024-11-21T09:28:19.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T03:15:02.307",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296002"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 02:15
Modified
2024-11-21 09:28
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/295967 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/295967 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 295967."
}
],
"id": "CVE-2024-39728",
"lastModified": "2024-11-21T09:28:18.217",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T02:15:05.440",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295967"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 02:15
Modified
2024-11-21 09:28
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/296004 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/296004 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 296004."
}
],
"id": "CVE-2024-39737",
"lastModified": "2024-11-21T09:28:19.363",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T02:15:06.173",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296004"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-14 13:15
Modified
2024-11-21 09:28
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/295972 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/295972 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 almacena las credenciales de usuario en texto plano que puede ser le\u00eddo por un usuario local. ID de IBM X-Force: 295972."
}
],
"id": "CVE-2024-39733",
"lastModified": "2024-11-21T09:28:18.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2024-07-14T13:15:21.490",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295972"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-256"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-14 13:15
Modified
2025-03-25 17:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 no establece el atributo seguro en se\u00f1ales de autorizaci\u00f3n o cookies de sesi\u00f3n. Los atacantes pueden obtener los valores de las cookies enviando un enlace http:// a un usuario o colocando este enlace en un sitio al que accede el usuario. La cookie se enviar\u00e1 al enlace inseguro y el atacante podr\u00e1 obtener el valor de la cookie espiando el tr\u00e1fico. ID de IBM X-Force: 296001."
}
],
"id": "CVE-2024-39734",
"lastModified": "2025-03-25T17:15:57.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-14T13:15:21.860",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296001"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-565"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-614"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 03:15
Modified
2024-11-21 09:28
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/296009 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/296009 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 muestra informaci\u00f3n de versi\u00f3n en solicitudes HTTP que podr\u00edan permitir a un atacante recopilar informaci\u00f3n para futuros ataques contra el sistema. ID de IBM X-Force: 296009."
}
],
"id": "CVE-2024-39740",
"lastModified": "2024-11-21T09:28:19.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T03:15:02.557",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296009"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-497"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 02:15
Modified
2024-11-21 09:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/296003 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/296003 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 es vulnerable a la inyecci\u00f3n de encabezados HTTP, provocada por una validaci\u00f3n incorrecta de la entrada por parte de los encabezados HOST. Esto podr\u00eda permitir a un atacante realizar varios ataques contra el sistema vulnerable, incluidos cross-site scripting, envenenamiento de cach\u00e9 o secuestro de sesi\u00f3n. ID de IBM X-Force: 296003."
}
],
"id": "CVE-2024-39736",
"lastModified": "2024-11-21T09:28:19.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T02:15:05.947",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296003"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-644"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-28 01:15
Modified
2025-07-01 14:19
Severity ?
Summary
IBM Datacap 9.1.7, 9.1.8, and 9.1.9
could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7238443 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\n\n\ncould allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim."
},
{
"lang": "es",
"value": "IBM Datacap 9.1.7, 9.1.8 y 9.1.9 podr\u00edan permitir que un atacante remoto secuestre la acci\u00f3n de clic de la v\u00edctima. Al persuadir a la v\u00edctima a visitar un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar sus acciones de clic y posiblemente lanzar nuevos ataques contra ella."
}
],
"id": "CVE-2025-36027",
"lastModified": "2025-07-01T14:19:40.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-06-28T01:15:25.343",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7238443"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-28 01:15
Modified
2025-07-01 14:22
Severity ?
Summary
IBM Datacap 9.1.7, 9.1.8, and 9.1.9
does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7238443 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\ndoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
},
{
"lang": "es",
"value": "IBM Datacap 9.1.7, 9.1.8 y 9.1.9 no establece el atributo seguro en tokens de autorizaci\u00f3n ni en cookies de sesi\u00f3n. Los atacantes podr\u00edan obtener el valor de las cookies enviando un enlace http:// a un usuario o insertando este enlace en un sitio web al que acceda el usuario. La cookie se enviar\u00e1 al enlace inseguro y el atacante podr\u00e1 obtener el valor de la cookie espiando el tr\u00e1fico."
}
],
"id": "CVE-2025-36026",
"lastModified": "2025-07-01T14:22:26.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-06-28T01:15:25.153",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7238443"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-614"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 03:15
Modified
2024-11-21 09:28
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/295968 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/295968 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 podr\u00eda permitir a un usuario autenticado obtener informaci\u00f3n confidencial del c\u00f3digo fuente que podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 295968."
}
],
"id": "CVE-2024-39729",
"lastModified": "2024-11-21T09:28:18.363",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T03:15:02.043",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295968"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-540"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 02:15
Modified
2024-11-21 09:28
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/296008 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/296008 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado env\u00ede solicitudes no autorizadas desde el sistema, lo que podr\u00eda provocar la enumeraci\u00f3n de la red o facilitar otros ataques. ID de IBM X-Force: 296008."
}
],
"id": "CVE-2024-39739",
"lastModified": "2024-11-21T09:28:19.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T02:15:06.417",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296008"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 03:15
Modified
2024-11-21 09:28
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/296010 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/296010 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7160185 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9A78C-CB26-4761-81CF-E273789338F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7F533-9997-4067-80A4-55DFD10C166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A4854F9C-EB1F-4277-B07F-9599DA1995DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD9AE6-DEAB-4D84-9E62-D0B718ED2F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9CD5BF-61E6-4A91-A0BF-1031F673701A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:datacap_navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D67D9A8F-F888-41EC-8312-3D497F7A3CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010."
},
{
"lang": "es",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 podr\u00eda permitir que un atacante remoto atraviese directorios del sistema. Un atacante podr\u00eda enviar una solicitud URL especialmente manipulada que contenga secuencias de \"puntos\" (/../) para ver archivos arbitrarios en el sistema. ID de IBM X-Force: 296010."
}
],
"id": "CVE-2024-39741",
"lastModified": "2024-11-21T09:28:19.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T03:15:02.793",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296010"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
var-201809-0198
Vulnerability from variot
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691. IBM Datacap Fastdoc Capture Contains an authentication vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 148691 It is released as.Information may be tampered with. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "datacap",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "9.1.4"
},
{
"model": "datacap",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "datacap",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": "9.1.3"
},
{
"model": "datacap",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "fastdoc capture 9.1.1"
},
{
"model": "datacap",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "fastdoc capture 9.1.3"
},
{
"model": "datacap",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "fastdoc capture 9.1.4"
},
{
"model": "datacap taskmaster capture",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.4"
},
{
"model": "datacap taskmaster capture",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3"
},
{
"model": "datacap taskmaster capture",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "datacap navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.4"
},
{
"model": "datacap navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3"
},
{
"model": "datacap navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "datacap fastdoc capture",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.4"
},
{
"model": "datacap fastdoc capture",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3"
},
{
"model": "datacap fastdoc capture",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "datacap taskmaster capture interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.41"
},
{
"model": "datacap taskmaster capture interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.36"
},
{
"model": "datacap taskmaster capture hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.11"
},
{
"model": "datacap navigator interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.41"
},
{
"model": "datacap navigator interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.36"
},
{
"model": "datacap navigator hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.11"
},
{
"model": "datacap fastdoc capture interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.41"
},
{
"model": "datacap fastdoc capture interim fix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.36"
},
{
"model": "datacap fastdoc capture hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.11"
}
],
"sources": [
{
"db": "BID",
"id": "105340"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-634"
},
{
"db": "NVD",
"id": "CVE-2018-1773"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ibm:datacap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "105340"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1773",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-1773",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-1773",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1773",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@us.ibm.com",
"id": "CVE-2018-1773",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-1773",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-634",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-634"
},
{
"db": "NVD",
"id": "CVE-2018-1773"
},
{
"db": "NVD",
"id": "CVE-2018-1773"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691. IBM Datacap Fastdoc Capture Contains an authentication vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 148691 It is released as.Information may be tampered with. \nAn attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1773"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"db": "BID",
"id": "105340"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1773",
"trust": 2.7
},
{
"db": "BID",
"id": "105340",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009682",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-634",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "105340"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-634"
},
{
"db": "NVD",
"id": "CVE-2018-1773"
}
]
},
"id": "VAR-201809-0198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3152174
},
"last_update_date": "2024-11-23T23:04:59.018000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "0729013",
"trust": 0.8,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729013"
},
{
"title": "ibm-datacap-cve20181773-sec-bypass (148691)",
"trust": 0.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148691"
},
{
"title": "IBM Datacap Fastdoc Capture Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84887"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"db": "NVD",
"id": "CVE-2018-1773"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148691"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105340"
},
{
"trust": 1.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729013"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1773"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1773"
},
{
"trust": 0.3,
"url": "http://www.ibm.com"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10729013"
}
],
"sources": [
{
"db": "BID",
"id": "105340"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-634"
},
{
"db": "NVD",
"id": "CVE-2018-1773"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "105340"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-634"
},
{
"db": "NVD",
"id": "CVE-2018-1773"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "BID",
"id": "105340"
},
{
"date": "2018-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-634"
},
{
"date": "2018-09-12T14:29:01.140000",
"db": "NVD",
"id": "CVE-2018-1773"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "BID",
"id": "105340"
},
{
"date": "2018-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009682"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-634"
},
{
"date": "2024-11-21T04:00:20.560000",
"db": "NVD",
"id": "CVE-2018-1773"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-634"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Datacap Fastdoc Capture Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009682"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-634"
}
],
"trust": 0.6
}
}