Session Cookie Security Flaw in IBM Datacap Products
CVE-2025-36026

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Datacap
Vendor: CVE Published:; 28 June 2025

What is CVE-2025-36026?

IBM Datacap versions 9.1.7, 9.1.8, and 9.1.9 have a vulnerability that results from not setting the secure attribute on authorization tokens and session cookies. This misconfiguration allows attackers to exploit the weakness by sending links over HTTP, which could result in the exposure of sensitive cookie values. By manipulating users into clicking on such links, attackers could potentially snoop network traffic to gather this information, thus compromising user sessions and sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Datacap 9.1.7

Datacap 9.1.8

Datacap 9.1.9

References

https://www.ibm.com/support/pages/node/7238443

vendor-advisorypatch

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2025
Vulnerability Reserved
Apr 15, 2025

JSON

IBM