MEDIUM🇵🇱 Wersja polska

CVE-2026-8636

CVSS 5.5v3.1pub. 2026-06-22upd. 2026-06-26

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • IBM Datacap

    APP
    Ibm
    9.1.79.1.89.1.9
  • IBM Datacap Navigator

    APP
    Ibm
    9.1.79.1.89.1.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-4902HIGH8.8ten sam produkt

IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker...

CVE-2026-8059MEDIUM6.1ten sam produkt

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-s...

CVE-2024-39730MEDIUM5.4ten sam produkt

IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of t...

CVE-2025-36026MEDIUM4.3ten sam produkt

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session coo...

CVE-2025-36027MEDIUM5.4ten sam produkt

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the vic...