CVE-2026-7365 PUBLISHED

IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation

Assigner: ibm
Reserved: 28.04.2026 Published: 27.05.2026 Updated: 27.05.2026

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.4

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	Operations Analytics - Log Analysis
Versions	Version 1.3.2.0 is affected Version 1.3.3.0 is affected Version 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3 is affected Version 1.3.6.0, 1.3.6.1 is affected Version 1.3.7.0, 1.3.7.1, 1.3.7.2 is affected Version 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 is affected

Solutions

Principal Product and Version(s)Fix detailsIBM Operations Analytics - Log Analysis version 1.3.2.0, 1.3.3.0, 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.6.2, 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4IBM strongly recommends addressing the vulnerability now by resetting the password through the GUI or integrating IBM Operations Analytics - Log Analysis with LDAP. Refer to Provision for Updating Default Password During Installation - IBM Operations Analytics Log Analysis for the instructions.For Log Analysis before 1.3.7.0, upgrade to 1.3.7-TIV-IOALA-FP_signed or later before applying this.

References

https://www.ibm.com/support/pages/node/7272268

Problem Types

CWE-1392 Use of Default Credentials CWE