Critical Vulnerability Information

Vulnerability Overview

CVE IDs: CVE-2023-36027, CVE-2024-39730, CVE-2015-5099, CVE-2023-26546, CVE-2005-36026
Affected Products and Versions: IBM Datacap 9.1.7, 9.1.8, 9.1.9; Datacap Navigator All
Remediation Recommendation: Install the Fix package to address vulnerabilities in all affected products/versions.

Vulnerability Details

CVE-2023-36027
Description: Remote attackers can hijack a victim's click operations via malicious websites, enabling further attacks.
CWE: CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVSS Score: 6.1

CVE-2024-39730
Description: Datacap Navigator allows remote attackers to hijack a victim's click operations via malicious websites, enabling further attacks.
CWE: CWE-913: User Interface (UI) Misrepresentation of Critical Information
CVSS Score: 6.1

CVE-2015-5099
Description: Cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score: 6.1

CVE-2023-26546
Description: Buffer overflow vulnerability in libtiff 4.5.0; when libtiff reads a corrupted TIFF file, it may cause a buffer overflow.
CWE: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS Score: 3.3

CVE-2005-36026
Description: Datacap does not set the 'secure' attribute on authentication tokens or session cookies, allowing attackers to obtain cookie values via HTTP links.
CWE: CWE-514: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVSS Score: 4.3

Affected Products and Versions

IBM Datacap 9.1.7
IBM Datacap 9.1.8
IBM Datacap 9.1.9
Datacap Navigator All

Remediation Measures

It is strongly recommended to install the Fix package to resolve all vulnerabilities in the affected products/versions listed above.
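
A header-level check an administrator could run after installing the fix, added here as an example (it is not IBM's code and not part of the advisory): it audits a response for a framing restriction (the click-hijacking entries) and for session cookies lacking the 'secure' attribute. The two sample responses and the SESSIONID cookie name are constructed for illustration, not captured from Datacap.

```python
# Added example: audit raw HTTP response headers for UI-framing protection
# and for Set-Cookie headers that lack the Secure attribute.

def parse_headers(raw):
    """Return (lowercased name, value) pairs; repeated headers are kept."""
    pairs = []
    for line in raw.strip().splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # skip the status line and anything malformed
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def framing_restricted(pairs):
    """True if X-Frame-Options or CSP frame-ancestors limits who may frame the page."""
    for name, value in pairs:
        if name == "x-frame-options" and value.upper() in ("DENY", "SAMEORIGIN"):
            return True
        if name == "content-security-policy":
            for directive in value.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    # A wildcard source still lets any site frame the page.
                    if len(parts) > 1 and "*" not in parts[1:]:
                        return True
    return False

def cookies_missing_secure(pairs):
    """Names of cookies whose Set-Cookie header has no Secure attribute."""
    missing = []
    for name, value in pairs:
        if name != "set-cookie":
            continue
        first, *attrs = value.split(";")
        flags = {a.strip().split("=", 1)[0].lower() for a in attrs}
        if "secure" not in flags:
            missing.append(first.split("=", 1)[0].strip())
    return missing

def audit(raw):
    pairs = parse_headers(raw)
    return {"framing_restricted": framing_restricted(pairs),
            "cookies_missing_secure": cookies_missing_secure(pairs)}

# Constructed sample responses (not real Datacap output).
BEFORE = "HTTP/1.1 200 OK\nContent-Type: text/html\nSet-Cookie: SESSIONID=abc123; Path=/; HttpOnly\n"
AFTER = ("HTTP/1.1 200 OK\nContent-Type: text/html\nX-Frame-Options: SAMEORIGIN\n"
         "Content-Security-Policy: frame-ancestors 'self'\n"
         "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly; Secure\n")

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

Header checks confirm only the framing and cookie behaviour; the XSS and libtiff entries are addressed by the Fix package itself.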