Skip to main content

Datacap

19 CVEs product

Monthly

CVE-2026-9610 MEDIUM PATCH This Month

Forced browsing exposure in IBM Datacap and IBM Datacap Navigator 9.1.7 through 9.1.9 allows a highly privileged local user to access application resources and functionality not surfaced in the UI by constructing direct URL requests, bypassing the intended UI-driven access control model. The impact is limited to partial confidentiality disclosure (C:L) with no integrity or availability consequence, and no exploitation has been confirmed - no public exploit code exists and this CVE is absent from the CISA KEV catalog. IBM has released a patch addressing all affected versions.

IBM Authentication Bypass Datacap Datacap Navigator
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-8636 HIGH PATCH This Week

Sensitive-data disclosure in IBM Datacap and Datacap Navigator (versions 9.1.7, 9.1.8, 9.1.9) lets an attacker recover user passwords and cryptographic keys that the application holds in cleartext in memory; the recovered keys can then decrypt stored credentials, authenticate to the application, and reach sensitive data in the backing database. IBM has released a patch. There is no public exploit identified at time of analysis, EPSS exploitation probability is negligible (0.08%, 0th percentile), and CISA SSVC rates exploitation as 'none' - indicating low immediate field risk despite the high CVSS confidentiality impact.

IBM Information Disclosure Datacap Datacap Navigator
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8059 MEDIUM PATCH This Month

Cross-site scripting in IBM Datacap and Datacap Navigator 9.1.7 through 9.1.9 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript within the Web UI, targeting authenticated users during active sessions. Successful exploitation can lead to credential theft or session hijacking by abusing the trust context of a legitimate user's browser. No public exploit code has been identified at time of analysis, and IBM has released a patch via official advisory.

IBM XSS Datacap Datacap Navigator
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36027 MEDIUM This Month

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

XSS IBM Datacap Navigator Datacap
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36026 MEDIUM This Month

CVE-2025-36026 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-39730 MEDIUM This Month

IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Information Disclosure IBM Datacap Datacap Navigator
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-39741 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-39740 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39735 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39729 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39739 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Datacap Datacap Navigator
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-39737 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap Datacap Navigator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-39736 CRITICAL Act Now

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-39731 HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39728 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39734 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-39733 MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39732 HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2018-1773 MEDIUM PATCH This Month

IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Datacap
NVD
CVSS 3.0
4.3
EPSS
1.4%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Forced browsing exposure in IBM Datacap and IBM Datacap Navigator 9.1.7 through 9.1.9 allows a highly privileged local user to access application resources and functionality not surfaced in the UI by constructing direct URL requests, bypassing the intended UI-driven access control model. The impact is limited to partial confidentiality disclosure (C:L) with no integrity or availability consequence, and no exploitation has been confirmed - no public exploit code exists and this CVE is absent from the CISA KEV catalog. IBM has released a patch addressing all affected versions.

IBM Authentication Bypass Datacap +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sensitive-data disclosure in IBM Datacap and Datacap Navigator (versions 9.1.7, 9.1.8, 9.1.9) lets an attacker recover user passwords and cryptographic keys that the application holds in cleartext in memory; the recovered keys can then decrypt stored credentials, authenticate to the application, and reach sensitive data in the backing database. IBM has released a patch. There is no public exploit identified at time of analysis, EPSS exploitation probability is negligible (0.08%, 0th percentile), and CISA SSVC rates exploitation as 'none' - indicating low immediate field risk despite the high CVSS confidentiality impact.

IBM Information Disclosure Datacap +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting in IBM Datacap and Datacap Navigator 9.1.7 through 9.1.9 allows unauthenticated remote attackers to inject and execute arbitrary JavaScript within the Web UI, targeting authenticated users during active sessions. Successful exploitation can lead to credential theft or session hijacking by abusing the trust context of a legitimate user's browser. No public exploit code has been identified at time of analysis, and IBM has released a patch via official advisory.

IBM XSS Datacap +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

XSS IBM Datacap Navigator +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

CVE-2025-36026 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Datacap +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Information Disclosure IBM Datacap +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Datacap +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Datacap +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Datacap +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Datacap +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Datacap
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy