CVE-2026-5515
Status: Modified - Updated After Analysis
IBM App Connect Enterprise Information Disclosure in Logs

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: IBM Corporation

Description
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
Meta Information
Published: 2026-05-27
Last Modified: 2026-06-02
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
| Vendor | Product | Version / Range |
| --- | --- | --- |
| ibm | app_connect_enterprise | From 13.0.1.0 (inc) to 13.0.7.1 (exc) |
| CWE ID | Description |
| --- | --- |
| CWE-532 | The product writes sensitive information to a log file. |
| CWE-922 | The product stores sensitive information without properly limiting read or write access by unauthorized actors. |
Executive Summary

This vulnerability affects IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.0 when using WS-Security with Java 17. It involves the storage of potentially sensitive information in log files that can be accessed and read by a local user.

Impact Analysis

The vulnerability allows local users to read sensitive information from log files, which could lead to confidential data disclosure. This poses a medium severity risk as indicated by the CVSS base score of 5.5.

Mitigation Strategies

IBM has released a fix through APAR IT49227, available in IBM App Connect Enterprise v13 Fix Pack Release 13.0.7.1.

No workarounds or mitigations are currently available.

Users are advised to apply the appropriate fix to address the vulnerability.

Compliance Impact

The vulnerability involves the storage of potentially sensitive information in log files that could be accessed by a local user, which may lead to unauthorized disclosure of confidential data.

Such unauthorized access to sensitive information could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

However, the provided information does not explicitly state the direct effects on compliance with these standards or any regulatory guidance.

Detection Guidance

There are no specific detection commands or network-based detection methods provided for this vulnerability. The issue involves sensitive information being stored in log files accessible to local users.

To detect if your system is vulnerable, you can check the version of IBM App Connect Enterprise installed. Versions 13.0.1.0 through 13.0.7.0 are affected.

A possible command to check the installed version on your system might be:

  • On a system with IBM App Connect Enterprise installed, run: `mqsireportproperties <brokerName> -b` or check the version via the product's version command or interface.

If your version falls within the vulnerable range, you should apply the fix pack 13.0.7.1 or later as recommended by IBM.
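The two checks described above can be scripted. The following is an added example, not code from IBM or from this page: it tests a version string against the affected range listed here and flags log files that any local user can read. The log directory is an assumption supplied by the operator (this page does not name the product's log path), and POSIX file permissions are assumed.

```python
import os
import stat

# Range from this page's CPE entry: 13.0.1.0 inclusive to 13.0.7.1 exclusive.
AFFECTED_FROM = (13, 0, 1, 0)
FIXED_IN = (13, 0, 7, 1)


def parse_version(text):
    """Turn 'V.R.M.F' into a 4-tuple of ints; pads short strings with zeros."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def is_affected(version):
    """True when the version lies in [13.0.1.0, 13.0.7.1)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def exposed_logs(log_root):
    """Return (path, octal mode) for regular files under log_root that users
    other than the owner and group can read, i.e. the CWE-922 condition.
    Symlinks are not followed; directory traverse bits are not evaluated."""
    findings = []
    for dirpath, _dirs, files in os.walk(log_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                findings.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage: script.py <version> <log_dir>; both values come from the operator.
    version, log_root = sys.argv[1], sys.argv[2]
    print(f"{version}: {'AFFECTED' if is_affected(version) else 'not in range'}")
    for path, mode in exposed_logs(log_root):
        print(f"world-readable {mode}: {path}")
```

Files reported on an affected installation are candidates for review and tighter permissions until fix pack 13.0.7.1 or later is applied.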
