CVE-2026-4788
Published: 08 April 2026
Summary
CVE-2026-4788 is a high-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in IBM Tivoli Netcool/Impact. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 2.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AU-9 (Protection of Audit Information).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AU-9 directly protects log files containing sensitive information from unauthorized access by local users.
SI-2 remediates the flaw that inserts sensitive information into log files, preventing the vulnerability at its source.
AC-3 enforces approved access controls on log files to block unprivileged local users from reading sensitive information.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes sensitive data in log files that are accessible to local users with no privileges, directly enabling collection of data from local system sources and enumeration of system logs.
NVD Description
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.
Deeper analysis
CVE-2026-4788 is a vulnerability in IBM Tivoli Netcool Impact versions 7.1.0.0 through 7.1.0.37, where sensitive information is stored in log files that can be read by a local user. Published on 2026-04-08, it carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-532 (Insertion of Sensitive Information into Log File).
A local user needs no privileges to exploit this issue; access to the affected log files is sufficient. Exploitation enables reading of the sensitive information stored in those logs, and the CVSS metrics indicate high impact on confidentiality, integrity, and availability.
IBM provides details on mitigation in its security advisory at https://www.ibm.com/support/pages/node/7268267.
Details
- CWE(s)