CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-39737 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39737
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/296004 https://www.ibm.com/support/pages/node/7160185 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-39733 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39733
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 almacena las credenciales de usuario en texto plano que puede ser leído por un usuario local. ID de IBM X-Force: 295972. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295972 https://www.ibm.com/support/pages/node/7160185 • CWE-256: Plaintext Storage of a Password •
CVSS: 4.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-39732 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39732
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 almacena temporalmente datos de diferentes entornos que podría obtener un usuario malintencionado. ID de IBM X-Force: 295791. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295791 https://www.ibm.com/support/pages/node/7160185 • CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-39734 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39734
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 no establece el atributo seguro en señales de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/296001 https://www.ibm.com/support/pages/node/7160185 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6477 – UsersWP < 1.2.12 - Users Information Disclosure
https://notcve.org/view.php?id=CVE-2024-6477
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.11due to insufficient protections on the '/uploads/cache/' directory. • https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •