CVE-2024-39741

Name of the Vulnerable Software and Affected Versions: IBM Datacap Navigator versions 9.1.5 through 9.1.9

Description: The issue is related to incorrect restriction of directory path names, allowing a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Recommendations: For versions 9.1.5 through 9.1.9, consider restricting access to the vulnerable directory traversal functionality until a patch is available. As a temporary workaround, avoid using URL requests that contain "dot dot" sequences (/../) to prevent potential exploitation.