Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Local attack vector and high privileges required because exploitation needs both host-level access and existing elevated credentials; only limited confidentiality impact applies with no integrity or availability effect.
Primary rating from Vendor (ibm).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionNVD
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.
AnalysisAI
Forced browsing exposure in IBM Datacap and IBM Datacap Navigator 9.1.7 through 9.1.9 allows a highly privileged local user to access application resources and functionality not surfaced in the UI by constructing direct URL requests, bypassing the intended UI-driven access control model. The impact is limited to partial confidentiality disclosure (C:L) with no integrity or availability consequence, and no exploitation has been confirmed - no public exploit code exists and this CVE is absent from the CISA KEV catalog. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local system access (AV:L per CVSS vector) and high privileges on the host (PR:H per CVSS vector) - meaning the attacker must already be a highly privileged user on the system running IBM Datacap or Datacap Navigator. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The overall risk profile of this vulnerability is very low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user with high-level privileges on the IBM Datacap host - such as an administrator who should not have access to a specific functional area - identifies an unlinked application URL (for example, through source inspection, error messages, or documentation) and navigates directly to it, bypassing the UI-enforced access restriction to retrieve sensitive application data or invoke hidden functionality. No public proof-of-concept code exists for this vulnerability at the time of analysis. |
| Remediation | IBM has released a patch addressing this vulnerability; the exact fixed version should be confirmed at the IBM support advisory located at https://www.ibm.com/support/pages/node/7276609. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper v
Sensitive-data disclosure in IBM Datacap and Datacap Navigator (versions 9.1.7, 9.1.8, 9.1.9) lets an attacker recover u
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that coul
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that cou
Cross-site scripting in IBM Datacap and Datacap Navigator 9.1.7 through 9.1.9 allows unauthenticated remote attackers to
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be rea
IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim.
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By pe
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. Rated medium severity
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. Rated medium s
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could all
Same weakness CWE-425 – Direct Request ('Forced Browsing')
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38287
GHSA-gc5m-j868-gqpq