PT-2024-5325 · IBM · IBM Datacap Navigator

Published: 2024-07-12 · Updated: 2024-09-18 · CVE-2024-39734

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Datacap Navigator versions 9.1.5 through 9.1.9

Description

The issue is caused by the absence of the Secure attribute on session cookies. An attacker can obtain cookie values by sending an http:// link to a user or by planting such a link in a site the user visits. The cookie is sent over the insecure link, and the attacker can then obtain the cookie value by snooping the traffic. This may enable a remote attacker to gain unauthorized access to protected information by intercepting session cookies.

Recommendations

For IBM Datacap Navigator versions 9.1.5 through 9.1.9, consider setting the Secure attribute on authorization tokens or session cookies to prevent them from being sent over insecure links. As a temporary workaround, restrict access to sensitive information and avoid using insecure links to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Permission

Related Identifiers

BDU:2024-05953
CVE-2024-39734

Affected Products

IBM Datacap Navigator