CVE-2026-7365
Analyzed Analyzed - Analysis Complete
Default Passwords in IBM Operations Analytics Log Analysis

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: IBM Corporation

Description
IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7365
EUVD
EUVD-2026-32505
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
ibm operations_analytics_log_analysis 1.3.2.0
ibm operations_analytics_log_analysis 1.3.3.0
ibm operations_analytics_log_analysis 1.3.5.0
ibm operations_analytics_log_analysis 1.3.5.1
ibm operations_analytics_log_analysis 1.3.5.2
ibm operations_analytics_log_analysis 1.3.5.3
ibm operations_analytics_log_analysis 1.3.6.0
ibm operations_analytics_log_analysis 1.3.6.1
ibm operations_analytics_log_analysis 1.3.7.0
ibm operations_analytics_log_analysis 1.3.7.1
ibm operations_analytics_log_analysis 1.3.7.2
ibm operations_analytics_log_analysis 1.3.8.0
ibm operations_analytics_log_analysis 1.3.8.1
ibm operations_analytics_log_analysis 1.3.8.2
ibm operations_analytics_log_analysis 1.3.8.3
ibm operations_analytics_log_analysis 1.3.8.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows attackers to bypass authentication by using default passwords, leading to unauthorized access. Such unauthorized access can result in exposure or compromise of sensitive data, which may violate compliance requirements under standards like GDPR and HIPAA that mandate strict access controls and protection of personal and health information.

Therefore, if exploited, this vulnerability could negatively impact an organization's compliance posture by failing to adequately protect sensitive data and maintain proper authentication controls.

Executive Summary

CVE-2026-7365 is a vulnerability in IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis where default passwords from the manufacturing process are used during installation.

This use of default passwords allows an attacker to bypass authentication and gain unauthorized access to the affected systems.

The affected versions include 1.3.2.0 through 1.3.8.4.

Impact Analysis

This vulnerability can have a high impact as it allows attackers to bypass authentication controls.

An attacker exploiting this vulnerability could gain unauthorized access to sensitive data and systems.

The CVSS base score of 8.4 reflects the high severity, indicating potential for significant confidentiality, integrity, and availability impacts.

Mitigation Strategies

To mitigate the vulnerability in IBM Operations Analytics - Log Analysis, IBM recommends resetting the default passwords via the GUI or integrating the system with LDAP for authentication.

For affected versions before 1.3.7.0, it is advised to upgrade to version 1.3.7-TIV-IOALA-FP_signed or later.

No workarounds are provided, so addressing the issue promptly by following these steps is important.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7365. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart