PT-2025-27282 · IBM · IBM Datacap

Published: 2025-06-28 · Updated: 2025-06-28 · CVE-2025-36026

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM Datacap versions 9.1.7 through 9.1.9
Description: The issue is related to the improper handling of authorization tokens and session cookies: the software does not set the Secure attribute on these cookies or tokens. Attackers may be able to obtain the cookie values by sending an HTTP link to a user or by planting this link in a site the user visits. Because the cookie is not marked Secure, the browser sends it over the unencrypted connection, allowing the attackers to snoop the traffic and obtain the cookie value.
Recommendations: For versions 9.1.7 through 9.1.9, consider setting the Secure attribute on authorization tokens and session cookies manually until a patch is available. As a temporary workaround, restrict access to sensitive areas of the application that use these cookies to minimize the risk of exploitation. Avoid using insecure links (HTTP) for sensitive transactions; instead, use secure links (HTTPS) to protect the cookie values from being intercepted.

Related Identifiers

BDU:2025-09841
CVE-2025-36026

Affected Products

IBM Datacap