CVE-2026-4788
Information Disclosure in IBM Tivoli Netcool Impact Logs
Publication date: 2026-04-08
Last updated on: 2026-04-14
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | tivoli_netcool/impact | From 7.1.0.0 (inc) to 7.1.0.38 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4788 is a vulnerability in IBM Tivoli Netcool Impact versions 7.1.0.0 through 7.1.0.37 where sensitive information is stored in log files that can be accessed by a local user.
This issue is classified under CWE-532, which involves the insertion of sensitive information into log files, potentially exposing confidential data.
The vulnerability has a CVSS v3.1 base score of 8.4, indicating a high severity with a local attack vector, low attack complexity, no privileges required, no user interaction needed, and a high impact on confidentiality, integrity, and availability.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized local users reading sensitive information stored in log files, which can compromise confidentiality.
Because the vulnerability affects confidentiality, integrity, and availability, it could allow attackers to gain access to sensitive data, potentially modify it, or disrupt system operations.
The impact is significant as it requires no privileges or user interaction to exploit, making it easier for local attackers to leverage.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade IBM Tivoli Netcool Impact to version 7.1.0 Fix Pack 38 or later.
No other workarounds or mitigations are provided besides upgrading to the fixed version.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves IBM Tivoli Netcool Impact storing sensitive information in log files accessible to local users, which could lead to unauthorized disclosure of sensitive data.
Such unauthorized access to sensitive information could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive data and controlling access to it.
However, the provided information does not explicitly discuss the direct effects of this vulnerability on compliance with these or other common standards and regulations.