Vulnerabilities > IBM

DATE CVE VULNERABILITY TITLE RISK
2024-07-15 CVE-2024-39740 Unspecified vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system.
network
low complexity
ibm
5.3
5.3
2024-07-15 CVE-2024-39741 Path Traversal vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
5.3
5.3
2024-07-15 CVE-2024-39728 Cross-site Scripting vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2024-07-15 CVE-2024-39731 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Datacap
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
7.5
2024-07-15 CVE-2024-39736 Improper Encoding or Escaping of Output vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
critical
 9.8
9.8
2024-07-15 CVE-2024-39737 Information Exposure Through an Error Message vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
5.3
2024-07-15 CVE-2024-39739 Server-Side Request Forgery (SSRF) vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
4.3
4.3
2024-07-14 CVE-2024-39732 Cleartext Storage of Sensitive Information vulnerability in IBM Datacap
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user.
network
low complexity
ibm CWE-312
7.5
7.5
2024-07-14 CVE-2024-39733 Insufficiently Protected Credentials vulnerability in IBM Datacap
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-522
5.5
5.5
2024-07-14 CVE-2024-39734 Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Datacap
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-565
4.3
4.3