Session Cookie Security Flaw in IBM Datacap Products
CVE-2025-36026

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Datacap
Vendor: CVE Published:; 28 June 2025

What is CVE-2025-36026?

IBM Datacap versions 9.1.7, 9.1.8, and 9.1.9 have a vulnerability that results from not setting the secure attribute on authorization tokens and session cookies. This misconfiguration allows attackers to exploit the weakness by sending links over HTTP, which could result in the exposure of sensitive cookie values. By manipulating users into clicking on such links, attackers could potentially snoop network traffic to gather this information, thus compromising user sessions and sensitive data.

Affected Version(s)

Datacap 9.1.7, 9.1.8, 9.1.9

References

https://www.ibm.com/support/pages/node/7238443

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2025
Vulnerability Reserved
Apr 15, 2025