IBM Datacap
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Datacap.
By the Year
In 2026 there have been 0 vulnerabilities in IBM Datacap. Last year, in 2025 Datacap had 3 security vulnerabilities published. Right now, Datacap is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 3 | 5.03 |
| 2024 | 12 | 5.83 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 0.00 |
It may take a day or so for new Datacap vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Datacap Security Vulnerabilities
IBM Datacap 9.1.7-9.1.9 Remote Click Hijack (CVE-2025-36027)
CVE-2025-36027
5.4 - Medium
- June 28, 2025
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Clickjacking
IBM Datacap 9.1.7-9.1.9 Cookie Secure Flag Missing CVE-2025-36026
CVE-2025-36026
4.3 - Medium
- June 28, 2025
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
IBM Datacap Navigator 9.1.7-9.1.9 Remote Click Hijack (Clickjacking)
CVE-2024-39730
5.4 - Medium
- June 28, 2025
IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
User Interface (UI) Misrepresentation of Critical Information
IBM Datacap Navigator 9.1.x Directory Traversal via URL (CVE-2024-39741)
CVE-2024-39741
5.3 - Medium
- July 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.
Directory traversal
IBM Datacap Navigator 9.1.59.1.9 Info Disclosure via HTTP Requests
CVE-2024-39740
5.3 - Medium
- July 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.
IBM Datacap Navigator 9.1.5-9.1.9 XSS in Web UI
CVE-2024-39735
5.4 - Medium
- July 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 296002.
XSS
Authenticated Source Code Disclosure in IBM Datacap Navigator v9.1.5-9.1.9
CVE-2024-39729
4.3 - Medium
- July 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.
CVE202439728: IBM Datacap Navigator <=9.1.9 Stored XSS in Web UI
CVE-2024-39728
5.4 - Medium
- July 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 295967.
XSS
IBM Datacap Navigator SSRF in 9.1.59.1.9 (before 9.1.10)
CVE-2024-39739
4.3 - Medium
- July 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 296008.
SSRF
IBM Datacap Navigator 9.1.5-9.1.9 Remote Info Leak via Detailed Error
CVE-2024-39737
5.3 - Medium
- July 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 296004.
Generation of Error Message Containing Sensitive Information
IBM Datacap Navigator 9.1.5-9.1.9: HOST Header Injection (HTTP Header Injection)
CVE-2024-39736
9.8 - Critical
- July 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 296003.
Output Sanitization
IBM Datacap Navigator 9.1.59.1.9 Weak Crypto Allows Decryption
CVE-2024-39731
7.5 - High
- July 15, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 295970.
Use of a Broken or Risky Cryptographic Algorithm
IBM Datacap Navigator 9.1.5-9.1.9: Unsecure Auth/Session Cookies
CVE-2024-39734
4.3 - Medium
- July 14, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001.
Reliance on Cookies without Validation and Integrity Checking
IBM Datacap Navigator 9.1.59.1.9 Local User Credential Leak
CVE-2024-39733
5.5 - Medium
- July 14, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.
Insufficiently Protected Credentials
IBM Datacap Navigator 9.1.* Env Data Exposure via Temp Store
CVE-2024-39732
7.5 - High
- July 14, 2024
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791.
Cleartext Storage of Sensitive Information
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could
CVE-2018-1773
- September 12, 2018
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Datacap or by IBM? Click the Watch button to subscribe.
