Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reading cleartext secrets from process memory realistically needs local, low-privileged host access (AV:L, PR:L); impact is confidentiality-only (C:H, I:N, A:N) with no scope change.
Primary rating from Vendor (ibm).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
6DescriptionNVD
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.
AnalysisAI
Sensitive-data disclosure in IBM Datacap and Datacap Navigator (versions 9.1.7, 9.1.8, 9.1.9) lets an attacker recover user passwords and cryptographic keys that the application holds in cleartext in memory; the recovered keys can then decrypt stored credentials, authenticate to the application, and reach sensitive data in the backing database. IBM has released a patch. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to be able to read the memory of the running IBM Datacap / Datacap Navigator process where passwords and the cryptographic key are held in cleartext (CWE-316); recovering the key is the prerequisite that then enables decrypting stored passwords, authenticating to the application, and reaching the database. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals here conflict and should be read carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can read the Datacap process memory (e.g., a local or low-privileged user on the application host, or via a separate foothold) dumps the running process, extracts the cleartext passwords and the cryptographic key, then uses that key to decrypt the stored credential store. With valid application credentials they log in and query the backend database for sensitive captured documents and data. … |
| Remediation | Apply the IBM-released fix per the vendor advisory at https://www.ibm.com/support/pages/node/7276609 (Patch available per vendor advisory; the advisory enumerates the fixed fix-pack levels above the vulnerable 9.1.7 ≤1.8.4 and Navigator 9.1.7 ≤8.2.1.0 builds - confirm the exact target build from that page rather than an assumed version number). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify and inventory all IBM Datacap and Datacap Navigator deployments; confirm which are running versions 9.1.7, 9.1.8, or 9.1.9. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper v
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that coul
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that cou
Cross-site scripting in IBM Datacap and Datacap Navigator 9.1.7 through 9.1.9 allows unauthenticated remote attackers to
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be rea
IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim.
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By pe
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. Rated medium severity
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. Rated medium s
Forced browsing exposure in IBM Datacap and IBM Datacap Navigator 9.1.7 through 9.1.9 allows a highly privileged local u
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could all
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38283
GHSA-xfpj-q55p-7h2m