Description
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.0 allows a local user to read log files that may contain sensitive data, resulting in disclosure of confidential information stored in those logs. The weakness is consistent with CWE-532 (Insertion of Sensitive Information into Log File) and CWE-922 (Insecure Storage of Sensitive Information).

Affected Systems

IBM App Connect Enterprise, versions 13.0.1.0 to 13.0.7.0.

Risk and Exploitability

Based on the description, it is inferred that an attacker would need local user access to the system to read the logs; privileged local users could then obtain confidential information from them. The CVSS score of 5.5 indicates medium severity, and the EPSS score of < 1% reflects a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. IBM recommends addressing the issue immediately by applying the APAR IT49227 fix found in Fix Pack 13.0.7.1.

Generated by OpenCVE AI on June 2, 2026 at 18:39 UTC.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise.

Affected Product(s): IBM App Connect Enterprise
Version(s): 13.0.1.0 - 13.0.7.0
APAR: IT49227
Remediation / Fixes: The APAR (IT49227) is available from IBM App Connect Enterprise v13 - Fix Pack Release 13.0.7.1 https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-13071


OpenCVE Recommended Actions

  • Apply the IBM App Connect Enterprise 13.0.7.1 Fix Pack that includes APAR IT49227.
  • Configure log directory permissions so that only authorized users can read log files.
  • Implement log rotation or secure deletion policies to limit the time sensitive data remains in logs.

Generated by OpenCVE AI on June 2, 2026 at 18:39 UTC.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-532

Thu, 28 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-532

Thu, 28 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-922
CPEs cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*

Wed, 27 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-532

Wed, 27 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
Title IBM App Connect Enterprise is vulnerable to a confidential disclosure
First Time appeared Ibm
Ibm app Connect Enterprise
CPEs cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm app Connect Enterprise
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-02T16:12:13.028Z

Reserved: 2026-04-03T21:46:07.141Z

Link: CVE-2026-5515

Vulnrichment

Updated: 2026-05-27T15:29:46.659Z

NVD

Status: Modified

Published: 2026-05-27T14:17:34.137

Modified: 2026-06-02T17:16:37.907

Link: CVE-2026-5515

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T18:45:06Z

Weaknesses
  • CWE-532

    Insertion of Sensitive Information into Log File

  • CWE-922

    Insecure Storage of Sensitive Information