Description
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.0 lets a local user read log files that may contain sensitive data. The vulnerability causes an information disclosure that exposes confidential data stored in logs. The weakness aligns with CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.

Affected Systems

IBM App Connect Enterprise, versions 13.0.1.0 to 13.0.7.0.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity. The EPSS score is not available, so the likelihood of exploitation is uncertain. The vulnerability is not listed in the CISA KEV catalog. An attack requires a local user with file system access; privileged users could read the logs and obtain confidential information. IBM recommends addressing the issue immediately with the APAR IT49227 fix found in Fix Pack 13.0.7.1.

Generated by OpenCVE AI on May 27, 2026 at 18:01 UTC.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise.

Affected Product(s): IBM App Connect Enterprise
Version(s): 13.0.1.0 - 13.0.7.0
APAR: IT49227
Remediation / Fixes: The APAR (IT49227) is available from IBM App Connect Enterprise v13 - Fix Pack Release 13.0.7.1: https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-13071


OpenCVE Recommended Actions

  • Apply the IBM App Connect Enterprise 13.0.7.1 Fix Pack that includes APAR IT49227.
  • Configure log directory permissions so that only authorized users can read log files.
  • Implement log rotation or secure deletion policies to limit the time sensitive data remains in logs.


Advisories

No advisories yet.

History

Wed, 27 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-532

Wed, 27 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
Title IBM App Connect Enterprise is vulnerable to a confidential disclosure
First Time appeared Ibm
Ibm app Connect Enterprise
CPEs cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm app Connect Enterprise
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-27T15:29:50.598Z

Reserved: 2026-04-03T21:46:07.141Z

Link: CVE-2026-5515

Vulnrichment

Updated: 2026-05-27T15:29:46.659Z

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:34.137

Modified: 2026-05-27T14:53:51.833

Link: CVE-2026-5515

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T18:15:21Z

Weaknesses