IBM Datacap and Datacap Navigator Sensitive Cookie Vulnerability

Vulnerability

A vulnerability exists in IBM Datacap versions 9.1.7, 9.1.8, and 9.1.9, as well as in all versions of Datacap Navigator. These versions do not properly set the Secure attribute on authorization tokens or session cookies. An attacker can take advantage of this by sending a link to a user or by embedding the link in a site the user visits. The browser then transmits the cookie to the insecure link, and an attacker who can snoop on that traffic captures the cookie value.

Impact

Exploitation of this vulnerability could lead to interception of session cookies, allowing for session hijacking.

Remediation

Users are advised to upgrade to IBM Datacap version 9.1.9 Interim Fix 007. Details can be found in the IBM Datacap Version 9.1.9, interim fix 007 readme file.

Added: Jun 28, 2025, 1:18 AM
Updated: Jun 28, 2025, 1:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 5.0
exploitability: 5.6
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.