CVE-2026-8636
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allow an attacker to retrieve user passwords and cryptographic keys from memory. The attacker can use the same keys to decrypt passwords, gain access to the application, and access sensitive data in the database.
Risk Assessment
The risk for the organization is the potential takeover of user accounts and access to confidential data stored in the database, which may lead to a breach of confidentiality and system integrity.
Recommendation
It is recommended to immediately update IBM Datacap and IBM Datacap Navigator to the latest available version that fixes this vulnerability, and restrict access to process memory to trusted users only.
Original NVD description (English source)
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.

