{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4788", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-03-24T19:37:42.923Z", "datePublished": "2026-04-08T00:20:03.695Z", "dateUpdated": "2026-04-09T03:56:00.826Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-04-08T00:20:03.695Z"}, "title": "Multiple Vulnerabilities affect IBM Tivoli Netcool Impact", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Tivoli Netcool Impact", "versions": [{"status": "affected", "version": "7.1.0.0", "lessThanOrEqual": "7.1.0.37", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.37:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7268267", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerability now by upgrading to 7.1.0 FP38\n\nProductVRMFRemediationIBM Tivoli Netcool Impact7.1.0.38Upgrade to IBM Tivoli Netcool Impact 7.1.0 Fix Pack 38 https://www.ibm.com/support/pages/node/7184732 or later.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><strong>IBM strongly recommends addressing the vulnerability now by upgrading to 7.1.0 FP38</strong></p><div><table><tbody><tr><td>Product</td><td>VRMF</td><td>Remediation</td></tr><tr><td>IBM Tivoli Netcool Impact</td><td>7.1.0.38</td><td>Upgrade to <a href=\"https://www.ibm.com/support/pages/node/7184732\" rel=\"nofollow\">IBM Tivoli Netcool Impact 7.1.0 Fix Pack 38</a> or later.</td></tr></tbody></table></div>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-4788"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T03:56:00.826Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4788", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T14:22:48.061707Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T14:23:04.616Z"}}], "cna": {"title": "Multiple Vulnerabilities affect IBM Tivoli Netcool Impact", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:tivoli_netcool_impact:7.1.0.37:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Tivoli Netcool Impact", "versions": [{"status": "affected", "version": "7.1.0.0", "versionType": "semver", "lessThanOrEqual": "7.1.0.37"}]}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerability now by upgrading to 7.1.0 FP38\n\nProductVRMFRemediationIBM Tivoli Netcool Impact7.1.0.38Upgrade to IBM Tivoli Netcool Impact 7.1.0 Fix Pack 38 https://www.ibm.com/support/pages/node/7184732 or later.", "supportingMedia": [{"type": "text/html", "value": "<p><strong>IBM strongly recommends addressing the vulnerability now by upgrading to 7.1.0 FP38</strong></p><div><table><tbody><tr><td>Product</td><td>VRMF</td><td>Remediation</td></tr><tr><td>IBM Tivoli Netcool Impact</td><td>7.1.0.38</td><td>Upgrade to <a href=\"https://www.ibm.com/support/pages/node/7184732\" rel=\"nofollow\">IBM Tivoli Netcool Impact 7.1.0 Fix Pack 38</a> or later.</td></tr></tbody></table></div>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7268267", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-04-08T00:20:03.695Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4788", "state": "PUBLISHED", "dateUpdated": "2026-04-08T14:23:09.848Z", "dateReserved": "2026-03-24T19:37:42.923Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-04-08T00:20:03.695Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_netcool\\/impact:*:*:*:*:*:*:*:*", "matchCriteriaId": "153A4F4B-493F-4908-B84B-1FF59DF36882", "versionEndExcluding": "7.1.0.38", "versionStartIncluding": "7.1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user."}], "id": "CVE-2026-4788", "lastModified": "2026-04-14T21:29:36.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-08T01:16:41.220", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7268267"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.1.0.0,7.1.0.37]"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Tivoli Netcool Impact", "source": "cna", "vendor": "IBM"}, "product": "tivoli_netcool/impact", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-04-08T02:51:25.283705+00:00", "value": {"mitigation_remediation": ["Upgrade IBM Tivoli Netcool Impact to 7.1.0 Fix Pack 38 or a later release"], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is IBM Tivoli Netcool Impact, with affected releases ranging from 7.1.0.0 up to and including 7.1.0.37. Versions 7.1.0.38 and later contain the remediation and are not impacted.", "description_and_impact": "IBM Tivoli Netcool Impact versions 7.1.0.0 through 7.1.0.37 store sensitive information within log files that are readable by any local user. This flaw allows any user who can launch the application locally to view confidential data written to the logs. The weakness corresponds to CWE\u2011532, which concerns insecure storage of sensitive information.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 8.4, indicating a high severity. EPSS information is unavailable and the flaw is not listed in the CISA KEV catalog, suggesting limited evidence of active exploitation. Attack requires local user privileges to read log files; once local access is achieved, the attack can be executed with minimal effort."}}}}, "created": "2026-04-08T19:33:40.911566+00:00", "updated": "2026-04-08T19:44:27.099647+00:00", "vendors": ["ibm", "ibm$PRODUCT$tivoli_netcool/impact"]}