CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36027 – IBM Datacap clickjacking
https://notcve.org/view.php?id=CVE-2025-36027
28 Jun 2025 — IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. • https://www.ibm.com/support/pages/node/7238443 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36026 – IBM Datacap information disclosure
https://notcve.org/view.php?id=CVE-2025-36026
28 Jun 2025 — IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7238443 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39730 – IBM Datacap clickjacking
https://notcve.org/view.php?id=CVE-2024-39730
28 Jun 2025 — IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. • https://www.ibm.com/support/pages/node/7238443 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39740 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39740
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 muestra información de versión en solicitudes HTTP que podrían permitir a un atacante recopilar información para futuros ataques contra el sistema. ID de IBM X-Force: 296009. • https://exchange.xforce.ibmcloud.com/vulnerabilities/296009 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39741 – IBM Datacap Navigator directory traversal
https://notcve.org/view.php?id=CVE-2024-39741
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 podría permitir que un atacante remoto atraviese directorios del sistema. Un atacante podría enviar una solicitud URL especialmente manipulada que contenga secuencias de ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/296010 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39729 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39729
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 podría permitir a un usuario autenticado obtener información confidencial del código fuente que podría usarse en futuros ataques contra el sistema. ID de IBM X-Force: 295968. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295968 • CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39735 – IBM Datacap Navigator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-39735
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a un usuario autenticado incrustar código JavaScript arb... • https://exchange.xforce.ibmcloud.com/vulnerabilities/296002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39731 – IBM Datacap Navigator information disclosure
https://notcve.org/view.php?id=CVE-2024-39731
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 295970. • https://exchange.xforce.ibmcloud.com/vulnerabilities/295970 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39728 – IBM Datacap Navigator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-39728
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/295967 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39736 – IBM Datacap Navigator HTTP HOST header injection
https://notcve.org/view.php?id=CVE-2024-39736
15 Jul 2024 — IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003. IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8 y 9.1.9 es vulnerable a la inyección de encabezados HTTP, provocada por una validación incorrecta de la entrada por parte ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/296003 • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •