Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.
AnalysisAI
Sensitive information disclosure in IBM Tivoli Netcool Impact versions 7.1.0.0 through 7.1.0.37 allows local attackers with no authentication required to extract credentials and configuration secrets from application log files. With CVSS 8.4 and High impact to confidentiality, integrity, and availability, the CWE-532 flaw enables privilege escalation through exposed secrets. No public exploit identified at time of analysis, with EPSS data unavailable, though the low attack complexity (AC:L) suggests straightforward exploitation once local access is obtained.
Technical ContextAI
IBM Tivoli Netcool Impact is an enterprise event management and network automation platform used for real-time monitoring and policy-based remediation. This vulnerability manifests as CWE-532 (Insertion of Sensitive Information into Log File), a common security anti-pattern where applications write secrets like passwords, API keys, session tokens, or database credentials to diagnostic logs in cleartext or reversibly-encoded formats. The affected CPE cpe:2.3:a:ibm:tivoli_netcool_impact identifies the vulnerable component across all versions in the 7.1.0.x branch from initial release through maintenance release 37. The local attack vector (AV:L) indicates exploitation requires prior access to the system filesystem where Netcool Impact processes execute, but requires no authentication (PR:N) once that access exists, suggesting the log files have overly permissive read access or are stored in locations accessible to unprivileged local accounts.
RemediationAI
Vendor-released patch available per IBM security bulletin. Organizations running IBM Tivoli Netcool Impact should immediately consult the official advisory at https://www.ibm.com/support/pages/node/7268267 for specific upgrade instructions and the patched version that addresses CVE-2026-4788. The bulletin provides detailed remediation steps including version upgrade paths from affected 7.1.0.0 through 7.1.0.37 releases. As an interim compensatory control while planning the upgrade, restrict filesystem access to Netcool Impact log directories using operating system permissions to limit read access only to the service account and authorized administrators, and implement log file rotation with secure deletion of rotated logs to minimize exposure window. Review existing log files for exposed credentials and rotate any identified secrets including database passwords, integration API keys, and service account credentials that may have been written to logs.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20028
GHSA-58gv-j5qc-234v