CVE-2025-36027 — UI Misrepresentation / Clickjacking in IBM Datacap

CWE-1021 — UI Misrepresentation / Clickjacking3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.0%

top 89.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Datacap

Timeline

PublishedJun 28

Description

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/datacap9.1.7, 9.1.8, 9.1.9+2

▶NVDibm/datacap9.1.7, 9.1.8, 9.1.9+2

🔴Vulnerability Details

CVEList

IBM Datacap clickjacking↗2025-06-28

▶

GHSA

GHSA-87hr-fvp2-3f9p: IBM Datacap 9↗2025-06-28

▶