CVE-2025-36026

EPSS 0.09%
Veröffentlicht 28.06.2025 00:49:54
Zuletzt bearbeitet 01.07.2025 14:22:26
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM Datacap information disclosure

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 

does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Datacap Version9.1.7

Ibm ≫ Datacap Version9.1.8

Ibm ≫ Datacap Version9.1.9

Ibm ≫ Datacap Navigator

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.254

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@us.ibm.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

https://www.ibm.com/support/pages/node/7238443

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-36026

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-36026

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-36026

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-36026