CVE-2024-39733

CWE-256 CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 90.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Datacap Navigator IBM Datacap

Timeline

PublishedJul 14

Description

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/datacap_navigator9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9

▶NVDibm/datacap5 versions+4

🔴Vulnerability Details

CVEList

IBM Datacap Navigator information disclosure↗2024-07-14

▶

GHSA

GHSA-rf42-gqmw-5vh9: IBM Datacap Navigator 9↗2024-07-14

▶