VYPR

Datacap

by IBM

CVEs (7)

  • CVE-2025-36027MedJun 28, 2025
    risk 0.35cvss 5.4epss 0.00

    IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…

  • CVE-2024-39730MedJun 28, 2025
    risk 0.35cvss 5.4epss 0.00

    IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly…

  • CVE-2025-36026MedJun 28, 2025
    risk 0.28cvss 4.3epss 0.00

    IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to…

  • CVE-2018-1773MedSep 12, 2018
    risk 0.28cvss 4.3epss 0.01

    IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691.

  • CVE-2026-9610Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.

  • CVE-2026-8636Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data…

  • CVE-2026-8059Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…