cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2024-39729,https://securityvulnerability.io/vulnerability/CVE-2024-39729,IBM Datacap Navigator Vulnerabilities Could Lead to Source Code Theft,"IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.",IBM,"Datacap,Datacap Navigator",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-15T03:15:00.000Z,0 CVE-2024-39741,https://securityvulnerability.io/vulnerability/CVE-2024-39741,Datacap Navigator Vulnerability Allows Remote File Access,"IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.",IBM,"Datacap,Datacap Navigator",5.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-07-15T03:15:00.000Z,0 CVE-2024-39740,https://securityvulnerability.io/vulnerability/CVE-2024-39740,IBM Datacap Navigator version information leakage,"IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.",IBM,"Datacap,Datacap Navigator",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-15T03:15:00.000Z,0 CVE-2024-39735,https://securityvulnerability.io/vulnerability/CVE-2024-39735,Datacap Navigator Vulnerable to Cross-Site Scripting,"IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002.",IBM,"Datacap,Datacap Navigator",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-15T03:15:00.000Z,0 CVE-2024-39737,https://securityvulnerability.io/vulnerability/CVE-2024-39737,Datacap Navigator Vulnerability Could Lead to Sensitive Information Theft,"IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004.",IBM,"Datacap,Datacap Navigator",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-15T02:15:00.000Z,0 CVE-2024-39728,https://securityvulnerability.io/vulnerability/CVE-2024-39728,Stored Cross-Site Scripting Vulnerability in IBM Datacap Navigator,"IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967.",IBM,"Datacap,Datacap Navigator",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-15T02:15:00.000Z,0 CVE-2024-39739,https://securityvulnerability.io/vulnerability/CVE-2024-39739,IBM Datacap Navigator Vulnerable to Server-Side Request Forgery (SSRF),"IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008.",IBM,"Datacap,Datacap Navigator",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-15T02:15:00.000Z,0 CVE-2024-39736,https://securityvulnerability.io/vulnerability/CVE-2024-39736,Datacap Navigator Vulnerable to HTTP Header Injection,"IBM Datacap Navigator versions 9.1.5 through 9.1.9 are exposed to an HTTP header injection vulnerability stemming from inadequate validation of input in the HOST headers. This security flaw could permit an attacker to execute various attacks, such as cross-site scripting, session hijacking, or cache poisoning, potentially compromising the integrity and confidentiality of sensitive information processed by the application. This vulnerability highlights the importance of proper input validation and secure coding practices to mitigate risks associated with web application vulnerabilities.",IBM,"Datacap,Datacap Navigator",9.8,CRITICAL,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-07-15T02:15:00.000Z,0 CVE-2024-39733,https://securityvulnerability.io/vulnerability/CVE-2024-39733,IBM Datacap Navigator Stores User Credentials in Plain Clear Text,"IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.",IBM,Datacap Navigator,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-14T12:41:47.696Z,0 CVE-2024-39732,https://securityvulnerability.io/vulnerability/CVE-2024-39732,Datacap Navigator Data at Risk Due to Temporary Storage of Sensitive Data,"IBM Datacap Navigator versions 9.1.5 through 9.1.9 are susceptible to a vulnerability that arises from the temporary storage of sensitive data across different environments. This data may potentially be exploited by malicious users seeking unauthorized access, posing significant risks to data integrity and confidentiality. Organizations utilizing the affected versions should prioritize a review of their security posture and apply necessary mitigations to safeguard their information assets. IBM X-Force ID: 295791 provides additional context on this vulnerability.",IBM,Datacap Navigator,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-07-14T12:39:59.599Z,0 CVE-2024-39734,https://securityvulnerability.io/vulnerability/CVE-2024-39734,IBM Datacap Navigator vulnerability - Secure token handling,"IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001.",IBM,Datacap Navigator,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-14T12:38:03.320Z,0 CVE-2023-35896,https://securityvulnerability.io/vulnerability/CVE-2023-35896,IBM Content Navigator server-side request forgery,"IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.",IBM,Content Navigator,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-11-03T03:15:00.000Z,0 CVE-2023-40684,https://securityvulnerability.io/vulnerability/CVE-2023-40684,IBM Content Navigator cross-site scripting,"IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019.",IBM,Content Navigator,4.6,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-10-04T14:15:00.000Z,0 CVE-2022-43860,https://securityvulnerability.io/vulnerability/CVE-2022-43860,IBM Navigator for i SQL injection,"IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.",IBM,Navigator For I,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-12-24T00:15:00.000Z,0 CVE-2022-43859,https://securityvulnerability.io/vulnerability/CVE-2022-43859,IBM Navigator for i SQL injection,"IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.",IBM,Navigator For I,6.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-12-22T20:41:40.753Z,0 CVE-2022-43858,https://securityvulnerability.io/vulnerability/CVE-2022-43858,IBM Navigator for i information disclosure,"IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.",IBM,Navigator For I,4.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2022-12-22T20:34:13.863Z,0 CVE-2022-43857,https://securityvulnerability.io/vulnerability/CVE-2022-43857,IBM Navigator for i information disclosure,"IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.",IBM,Navigator For I,4.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2022-12-22T20:20:18.563Z,0 CVE-2022-43581,https://securityvulnerability.io/vulnerability/CVE-2022-43581,IBM Content Navigator code execution,"IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805.",IBM,Content Navigator,7.5,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2022-12-07T17:07:51.028Z,0 CVE-2022-38388,https://securityvulnerability.io/vulnerability/CVE-2022-38388,Improper Access Control in IBM Navigator Mobile for Android Apps,"The IBM Navigator Mobile app for Android versions 3.4.1.1 and 3.4.1.2 has a vulnerability that could enable local users to gain unauthorized access to sensitive information. This flaw arises from improper access control measures within the application, potentially allowing users with physical access to the device to exploit this weakness. Users are advised to update to the latest version and review security practices to protect sensitive data.",IBM,Navigator Mobile,4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-10-11T16:15:00.000Z,0 CVE-2021-29714,https://securityvulnerability.io/vulnerability/CVE-2021-29714,Denial of Service Vulnerability in IBM Content Navigator,"IBM Content Navigator 3.0.CD is susceptible to a denial of service attack stemming from improper input validation. Malicious users can exploit this vulnerability to disrupt the service, leading to potential downtime and impact on operations. It is crucial for users and administrators to review their systems for this vulnerability and apply the necessary mitigations as outlined in IBM's support portal.",IBM,Content Navigator,6.5,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2021-08-09T16:15:00.000Z,0 CVE-2020-4902,https://securityvulnerability.io/vulnerability/CVE-2020-4902,,"IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045.",IBM,Datacap Navigator,6.3,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2021-07-01T16:15:00.000Z,0 CVE-2020-4935,https://securityvulnerability.io/vulnerability/CVE-2020-4935,,IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191753.,IBM,Datacap Navigator,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-07-01T16:15:00.000Z,0 CVE-2021-20550,https://securityvulnerability.io/vulnerability/CVE-2021-20550,,IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168.,IBM,Content Navigator,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-04-27T17:15:00.000Z,0 CVE-2021-20549,https://securityvulnerability.io/vulnerability/CVE-2021-20549,,IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167.,IBM,Content Navigator,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-04-27T17:15:00.000Z,0 CVE-2021-20448,https://securityvulnerability.io/vulnerability/CVE-2021-20448,,IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624.,IBM,Content Navigator,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-04-27T17:15:00.000Z,0