Description
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.
Published: 2026-06-22
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM Datacap 9.1.7 through 9.1.9 and Datacap Navigator 9.1.7 through 9.1.9 contain a flaw that lets an attacker read passwords and cryptographic keys from process memory. By extracting these secrets, the attacker can decrypt stored passwords, authenticate themselves to the application, and subsequently read or modify sensitive database records.

Affected Systems

IBM Datacap versions 9.1.7, 9.1.8, and 9.1.9 together with IBM Datacap Navigator versions 9.1.7, 9.1.8, and 9.1.9 are affected.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate threat level. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting limited public exploitation but still a significant risk to systems that rely on these products. The description does not state the exact attack vector; it is inferred that the attacker needs either local system or application access sufficient to read memory, or exploitation of an existing vulnerability that permits such access.

Generated by OpenCVE AI on June 22, 2026 at 16:29 UTC.

Remediation

Vendor Solution

IBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing IBM Datacap 9.1.9 Interim Fix 008

OpenCVE Recommended Actions

  • Install IBM Datacap 9.1.9 Interim Fix 008 to address all affected versions.
  • Reconfigure the application to avoid storing cryptographic keys or passwords in cleartext in memory, using secure key management or memory protection mechanisms.
  • Apply strict access controls to limit who can execute processes that handle sensitive credentials, and monitor for unusual memory access patterns.
  • Review and harden the deployment environment to reduce local privilege escalation opportunities.

Generated by OpenCVE AI on June 22, 2026 at 16:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 22 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.
Title Multiple Vulnerabilities in IBM Datacap
First Time appeared Ibm
Ibm datacap
Ibm datacap Navigator
Weaknesses CWE-316
CPEs cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap_navigator:9.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap_navigator:9.1.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:datacap_navigator:9.1.9:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm datacap
Ibm datacap Navigator
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Ibm Datacap Datacap Navigator
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-22T16:07:09.938Z

Reserved: 2026-05-14T19:33:49.373Z

Link: CVE-2026-8636

cve-icon Vulnrichment

Updated: 2026-06-22T16:07:06.733Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T16:30:08Z

Weaknesses
  • CWE-316

    Cleartext Storage of Sensitive Information in Memory