Description

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.

Severity (CVSS)

Base score5.5
SeverityMedium
VersionCVSS 3.1
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Provided byCNA

Weaknesses

  • CWE-316 — CWE-316 Cleartext Storage of Sensitive Information in Memory

Affected products

VendorProductVersions
IBMDatacap9.1.7 to <=1.8.4; 9.1.8; 9.1.9
IBMDatacap Navigator9.1.7 to <=8.2.1.0; 9.1.8; 9.1.9

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 23 Jun 2026 10:05 UTC.