IBM Datacap Navigator up to 9.1.9 credentials storage

Summaryinfo

A vulnerability classified as problematic was found in IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9. This affects an unknown part. Such manipulation leads to credentials storage. This vulnerability is referenced as CVE-2024-39733. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a credentials storage vulnerability. Using CWE to declare the problem leads to CWE-256. Storing a password in plaintext may result in a system compromise. Impacted is confidentiality. CVE summarizes:

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 295972.

The advisory is shared for download at ibm.com. This vulnerability is handled as CVE-2024-39733 since 06/28/2024. The exploitation is known to be easy. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1552.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (295972). Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• IBM

Name

• Datacap Navigator

Version

• 9.1.5
• 9.1.6
• 9.1.7
• 9.1.8
• 9.1.9

License

• commercial

Website

• Vendor: https://www.ibm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion