CVE-2024-39741Path Traversal in IBM Datacap Navigator

CWE-22Path Traversal3 documents3 sources
Severity
5.3MEDIUMNVD
CNA4.3
EPSS
0.1%
top 71.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Datacap NavigatorIBM Datacap
Timeline
PublishedJul 15

Description

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/datacap_navigator9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9
NVDibm/datacap5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-969w-vh4q-cg4g: IBM Datacap Navigator 92024-07-15
CVEList
IBM Datacap Navigator directory traversal2024-07-15
CVE-2024-39741 — Path Traversal in IBM | cvebase