5.3

CVE-2026-9610

Multiple Vulnerabilities in IBM Datacap

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmDatacap Version9.1.7
IbmDatacap Version9.1.8
IbmDatacap Version9.1.9
IbmDatacap Navigator Version9.1.7
IbmDatacap Navigator Version9.1.8
IbmDatacap Navigator Version9.1.9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.087
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
psirt@us.ibm.com 2.3 0.8 1.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

https://www.ibm.com/support/pages/node/7276609
Vendor Advisory