SB2026052929 - Multiple vulnerabilities in IBM Control Center

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026052929

SB2026052929 - Multiple vulnerabilities in IBM Control Center

Published: May 29, 2026

Security Bulletin ID SB2026052929
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 vulnerabilities.


1) Improper access control (CVE-ID: CVE-2026-40973)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information, hijack authenticated users, or execute arbitrary code.

The vulnerability exists due to improper access control in ApplicationTemp when using a predictable temporary directory for persistent session storage without ownership verification. A local user can take control of the directory used by ApplicationTemp to disclose sensitive information, hijack authenticated users, or execute arbitrary code.

Exploitation requires server.servlet.session.persistent to be set to true and the attack to persist across application restarts.


2) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2026-40975)

CWE-ID: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and compromise integrity of secret-dependent operations.

The vulnerability exists due to the use of a weak pseudorandom number generator in the random value property source when generating values with ${random.value}. A remote attacker can predict generated values to disclose sensitive information and compromise integrity of secret-dependent operations.

${random.uuid} is not affected, and ${random.int} and ${random.long} should never be used for secrets because they are numeric values with a predictable range.


3) Link following (CVE-ID: CVE-2026-40977)

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged user to corrupt one file on the host.

The vulnerability exists due to improper link resolution in ApplicationPidFileWriter when writing the PID file at a predictable default path. A local privileged user can place a symlink at the PID file location to corrupt one file on the host.

Exploitation requires the application to be configured to use ApplicationPidFileWriter and requires write access to the PID file location.


Remediation

Install update from vendor's website.

References