Description
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.
Severity (CVSS)
| Base score | 5.5 |
|---|---|
| Severity | Medium |
| Version | CVSS 3.1 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Provided by | CNA |
Weaknesses
- CWE-316 — CWE-316 Cleartext Storage of Sensitive Information in Memory
Affected products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Datacap | 9.1.7 to <=1.8.4; 9.1.8; 9.1.9 |
| IBM | Datacap Navigator | 9.1.7 to <=8.2.1.0; 9.1.8; 9.1.9 |
References
- https://www.ibm.com/support/pages/node/7276609 (vendor-advisory patch)
Generated from the official CVE List on 23 Jun 2026 10:05 UTC.