Datacap Navigator Vulnerable to HTTP Header Injection
CVE-2024-39736
9.8 CRITICAL
Summary
IBM Datacap Navigator versions 9.1.5 through 9.1.9 are affected by an HTTP header injection vulnerability caused by improper validation of input in the Host header. An attacker could use this flaw to carry out attacks such as cross-site scripting, session hijacking, or cache poisoning, potentially compromising the integrity and confidentiality of sensitive information processed by the application. The vulnerability highlights the importance of proper input validation and secure coding practices in mitigating web application risks.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published