Severity: HIGH · CVE-2026-7365 · CNA: ibm

CVE-2026-7365: IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis use default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.

HarborGuard Analysis

Synopsis

This is an authentication bypass vulnerability in IBM Operations Analytics - Log Analysis (and IBM SmartCloud Analytics - Log Analysis) caused by default passwords that are not forced to change after installation. According to the CVSS vector, the vulnerability is exploitable locally without any authentication, meaning an attacker who already has access to the host or installation environment can use well-known default credentials to bypass the product's authentication controls entirely. Successful exploitation gives the attacker full read, write, and availability impact over the affected system. No fix versions have been published; HarborGuard tracks this advisory and will make a patched-image rebuild available as soon as an upstream fix is released.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images derived from the affected IBM product versions. Any image found running a vulnerable version of IBM Operations Analytics - Log Analysis (1.3.2.0 through 1.3.6.1) is flagged immediately in the customer's scan results.

Status: Available

Triage

HarborGuard scores this CVE at CVSS 8.4 (HIGH) and is capable of applying per-environment compliance policy weighting to surface it at the appropriate priority level within each customer org. Triage routing is available to direct findings to the right team inbox based on each organization's configured ownership rules.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available the moment IBM releases a corrected version. In the interim, compensating-control recommendations are surfaced in the finding, including network-policy isolation to restrict access to the affected service and restricting local shell access to the host.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no over-the-network exposure is required to reach the vulnerable authentication path.

  • Authentication: Not required

    No prior credentials are needed; the vulnerability itself is the mechanism by which authentication is bypassed using default passwords.

  • Victim interaction: Not required

    No victim action is required; the attacker operates entirely without involving another user.

  • Attack complexity: Detail

    Exploitation is straightforward and condition-free; no race conditions or special environmental factors are required to reproduce the attack reliably.

Blast Radius

  • A successful attacker reads all data accessible to the application, including stored log records, configuration data, and any credentials held by the service.
  • The attacker can modify or delete persisted data within the Log Analysis system, including tampering with log records or altering application configuration.
  • The attacker can disrupt or crash the affected service, causing loss of log ingestion and analytics availability for the host environment.

How HarborGuard Handles This

Available on HarborGuard: this CVE is actively monitored across all customer environments that include IBM Operations Analytics - Log Analysis images in their scans. Because IBM has not yet published a fix version, no patched-image rebuild can be generated at this time. HarborGuard re-evaluates the advisory on every ingest cycle and will automatically trigger a rebuild and, for customers with auto-remediation enabled, open a patch PR against affected workloads the moment an upstream fix is released. In the meantime, the finding surfaces compensating-control guidance: applying network policy to prevent unnecessary local access to the host, restricting shell access to the service account running Log Analysis, and auditing any default credential configurations present in the deployment. Customers whose compliance policy flags HIGH-severity unpatched issues will see this CVE routed to the appropriate escalation inbox based on their configured ownership rules.


Metrics

CVSS v3.1: 8.4
Severity: HIGH
Fixed in: no fix version published
Affected Products: 1
Affected packages
  • IBM / Operations Analytics - Log Analysis
    1.3.2.0 · 1.3.3.0 · 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3 · 1.3.6.0, 1.3.6.1 · 1.3.7.0, 1.3.7.1, 1.3.7.2 · 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H