IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation
Summary
| CVE | CVE-2026-7365 |
|---|---|
| State | PUBLISHED |
| Assigner | ibm |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-27 14:17:35 UTC |
| Updated | 2026-06-02 15:40:12 UTC |
| Description | IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication. |
Risk And Classification
Primary CVSS: v3.1 7.8 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.000170000 probability, percentile 0.045890000 (date 2026-06-08)
Problem Types: CWE-1392 | NVD-CWE-noinfo | CWE-1392 CWE-1392 Use of Default Credentials
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | [email protected] | Secondary | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Operations Analytics Log Analysis | 1.3.2.0 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.3.0 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.5.0 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.5.1 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.5.2 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.5.3 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.6.0 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.6.1 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.7.0 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.7.1 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.7.2 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.8.0 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.8.1 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.8.2 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.8.3 | All | All | All |
| Application | Ibm | Operations Analytics Log Analysis | 1.3.8.4 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | IBM | Operations Analytics - Log Analysis | affected 1.3.2.0 | Not specified |
| CNA | IBM | Operations Analytics - Log Analysis | affected 1.3.3.0 | Not specified |
| CNA | IBM | Operations Analytics - Log Analysis | affected 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3 | Not specified |
| CNA | IBM | Operations Analytics - Log Analysis | affected 1.3.6.0, 1.3.6.1 | Not specified |
| CNA | IBM | Operations Analytics - Log Analysis | affected 1.3.7.0, 1.3.7.1, 1.3.7.2 | Not specified |
| CNA | IBM | Operations Analytics - Log Analysis | affected 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.ibm.com/support/pages/node/7272268 | [email protected] | www.ibm.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Additional Advisory Data
Solutions
CNA: Principal Product and Version(s)Fix detailsIBM Operations Analytics - Log Analysis version 1.3.2.0, 1.3.3.0, 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.6.2, 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4IBM strongly recommends addressing the vulnerability now by resetting the password through the GUI or integrating IBM Operations Analytics - Log Analysis with LDAP. Refer to Provision for Updating Default Password During Installation - IBM Operations Analytics Log Analysis for the instructions.For Log Analysis before 1.3.7.0, upgrade to 1.3.7-TIV-IOALA-FP_signed or later before applying this.