Description
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.
Published: 2026-04-08
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

IBM Tivoli Netcool Impact versions 7.1.0.0 through 7.1.0.37 store sensitive information within log files that are readable by any local user. This flaw allows any user who can launch the application locally to view confidential data written to the logs. The weakness corresponds to CWE‑532, which concerns insecure storage of sensitive information.

Affected Systems

The affected product is IBM Tivoli Netcool Impact, with affected releases ranging from 7.1.0.0 up to and including 7.1.0.37. Versions 7.1.0.38 and later contain the remediation and are not impacted.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.4, indicating a high severity. EPSS information is unavailable and the flaw is not listed in the CISA KEV catalog, suggesting limited evidence of active exploitation. Attack requires local user privileges to read log files; once local access is achieved, the attack can be executed with minimal effort.

Generated by OpenCVE AI on April 8, 2026 at 02:51 UTC.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerability now by upgrading to 7.1.0 FP38 ProductVRMFRemediationIBM Tivoli Netcool Impact7.1.0.38Upgrade to IBM Tivoli Netcool Impact 7.1.0 Fix Pack 38 https://www.ibm.com/support/pages/node/7184732 or later.

OpenCVE Recommended Actions

  • Upgrade IBM Tivoli Netcool Impact to 7.1.0 Fix Pack 38 or a later release

Generated by OpenCVE AI on April 8, 2026 at 02:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm tivoli Netcool\/impact
CPEs cpe:2.3:a:ibm:tivoli_netcool\/impact:*:*:*:*:*:*:*:*
Vendors & Products Ibm tivoli Netcool\/impact

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Ibm tivoli Netcool/impact
Vendors & Products Ibm tivoli Netcool/impact

Wed, 08 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 01:00:00 +0000

Type Values Removed Values Added
Description IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.
Title Multiple Vulnerabilities affect IBM Tivoli Netcool Impact
First Time appeared Ibm
Ibm tivoli Netcool Impact
Weaknesses CWE-532
CPEs cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.37:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm tivoli Netcool Impact
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ibm Tivoli Netcool/impact Tivoli Netcool\/impact Tivoli Netcool Impact
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-04-09T03:56:00.826Z

Reserved: 2026-03-24T19:37:42.923Z

Link: CVE-2026-4788

cve-icon Vulnrichment

Updated: 2026-04-08T14:23:04.616Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T01:16:41.220

Modified: 2026-04-14T21:29:36.453

Link: CVE-2026-4788

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:44:27Z

Weaknesses