IBM Security Guardium Data Encryption code execution
Description
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Guardium Cloud Key Manager 1.10.3 and lower are vulnerable to angular template injection, allowing remote unauthenticated attackers to execute arbitrary code.
Vulnerability
IBM Guardium Cloud Key Manager (GCKM) 1.10.3 and lower, part of IBM Guardium Data Encryption, contains an angular template injection vulnerability [1]. A remote attacker can send specially crafted requests to trigger this flaw, leading to arbitrary code execution on the system. The CVSS base score is 6.5.
Exploitation
An attacker requires network access to the affected system and no authentication (PR:N). By sending a specially crafted request containing malicious template syntax, the attacker can inject and execute arbitrary code in the context of the application [1]. No user interaction is required.
Impact
Successful exploitation allows the attacker to execute arbitrary code on the system, impacting integrity and availability (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). The attacker can perform unauthorized actions within the application's security context.
Mitigation
IBM has released a fix in a later version of Guardium Cloud Key Manager. Users should upgrade to the latest version (see IBM support page for details) [1]. No workarounds are documented. The vulnerability is not known to be in CISA's KEV as of publication.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =1.10.3
- Range: 1.10.3
Patches
No patches discovered yet.
References
- www.ibm.com/support/pages/node/6995161 (mitre, vendor-advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/248119 (mitre, vdb-entry)