CVE-2026-9610
- EPSS 0.19%
- Veröffentlicht 22.06.2026 14:22:34
- Zuletzt bearbeitet 26.06.2026 21:19:13
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.
CVE-2026-8636
- EPSS 0.15%
- Veröffentlicht 22.06.2026 14:16:01
- Zuletzt bearbeitet 26.06.2026 21:20:52
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application...
CVE-2026-8059
- EPSS 0.17%
- Veröffentlicht 22.06.2026 14:13:53
- Zuletzt bearbeitet 26.06.2026 21:27:42
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the inte...
CVE-2025-36027
- EPSS 0.2%
- Veröffentlicht 28.06.2025 00:51:07
- Zuletzt bearbeitet 01.07.2025 14:19:40
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click a...
CVE-2025-36026
- EPSS 0.14%
- Veröffentlicht 28.06.2025 00:49:54
- Zuletzt bearbeitet 01.07.2025 14:22:26
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to...
CVE-2024-39730
- EPSS 0.2%
- Veröffentlicht 28.06.2025 00:36:51
- Zuletzt bearbeitet 01.07.2025 14:28:11
IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's c...
CVE-2024-39729
- EPSS 0.41%
- Veröffentlicht 15.07.2024 03:15:02
- Zuletzt bearbeitet 21.11.2024 09:28:18
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.
CVE-2024-39741
- EPSS 0.68%
- Veröffentlicht 15.07.2024 03:15:02
- Zuletzt bearbeitet 21.11.2024 09:28:19
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on t...
CVE-2024-39740
- EPSS 0.37%
- Veröffentlicht 15.07.2024 03:15:02
- Zuletzt bearbeitet 21.11.2024 09:28:19
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.
CVE-2024-39735
- EPSS 0.3%
- Veröffentlicht 15.07.2024 03:15:02
- Zuletzt bearbeitet 21.11.2024 09:28:19
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l...