CVE-2026-7365 - Vulnerability Details

CVE-2026-7365 - IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ibm	Operations Analytics - Log Analysis Operations Analytics Log Analysis Operations Analytics Log Analysis

Configuration 1 [-]

OR	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.2.0:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.3.0:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.5.0:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.5.1:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.5.2:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.5.3:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.6.0:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.6.1:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.7.0:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.7.1:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.7.2:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.0:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.1:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.2:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.3:::::::*
	cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.4:::::::*

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7272268

History

Tue, 02 Jun 2026 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm operations Analytics Log Analysis
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.2.0:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.3.0:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.5.0:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.5.1:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.5.2:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.5.3:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.6.0:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.6.1:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.7.0:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.7.1:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.7.2:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.0:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.1:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.2:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.3:::::::* cpe:2.3:a:ibm:operations_analytics_log_analysis:1.3.8.4:::::::*
Vendors & Products		Ibm operations Analytics Log Analysis

Thu, 28 May 2026 01:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm operations Analytics - Log Analysis
Vendors & Products		Ibm operations Analytics - Log Analysis

Wed, 27 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.
Title		IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation
First Time appeared		Ibm Ibm operations Analytics Log Analysis
Weaknesses		CWE-1392
CPEs		cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.2.0:::::::* cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.3.0:::::::* cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.5.0:::::::* cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.6.0:::::::* cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.7.0:::::::* cpe:2.3:a:ibm:operations_analytics___log_analysis:1.3.8.0:::::::*
Vendors & Products		Ibm Ibm operations Analytics Log Analysis
References		https://www.ibm.com/support/pages/node/7272268
Metrics		cvssV3_1 `{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-05-27T13:55:22.608Z

Updated: 2026-05-27T14:52:38.627Z

Reserved: 2026-04-28T20:46:39.086Z

Link: CVE-2026-7365

Vulnrichment

Updated: 2026-05-27T14:52:26.466Z

NVD

Status : Analyzed

Published: 2026-05-27T14:17:35.280

Modified: 2026-06-02T15:40:12.287

Link: CVE-2026-7365

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object