CVE-2024-39739
- EPSS 0.24%
- Veröffentlicht 15.07.2024 02:15:06
- Zuletzt bearbeitet 21.11.2024 09:28:19
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or fac...
CVE-2024-39737
- EPSS 0.36%
- Veröffentlicht 15.07.2024 02:15:06
- Zuletzt bearbeitet 21.11.2024 09:28:19
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against t...
CVE-2024-39736
- EPSS 0.37%
- Veröffentlicht 15.07.2024 02:15:05
- Zuletzt bearbeitet 21.11.2024 09:28:19
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, inc...
CVE-2024-39731
- EPSS 0.28%
- Veröffentlicht 15.07.2024 02:15:05
- Zuletzt bearbeitet 21.11.2024 09:28:18
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.
CVE-2024-39728
- EPSS 0.34%
- Veröffentlicht 15.07.2024 02:15:05
- Zuletzt bearbeitet 21.11.2024 09:28:18
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2024-39734
- EPSS 0.23%
- Veröffentlicht 14.07.2024 13:15:21
- Zuletzt bearbeitet 25.03.2025 17:15:57
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a...
CVE-2024-39733
- EPSS 0.14%
- Veröffentlicht 14.07.2024 13:15:21
- Zuletzt bearbeitet 21.11.2024 09:28:18
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.
CVE-2024-39732
- EPSS 0.19%
- Veröffentlicht 14.07.2024 13:15:20
- Zuletzt bearbeitet 21.11.2024 09:28:18
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791.
CVE-2018-1773
- EPSS 1.42%
- Veröffentlicht 12.09.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 04:00:20
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691.