VYPR
Unrated severity · NVD Advisory · Published Aug 28, 2023 · Updated Oct 2, 2024

IBM Security Guardium Data Encryption information disclosure

CVE-2023-26271

Description

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Inadequate account lockout settings in IBM Guardium Cloud Key Manager 1.10.3 allow remote attackers to brute force credentials.

Vulnerability

IBM Security Guardium Data Encryption, specifically IBM Guardium Cloud Key Manager (GCKM) version 1.10.3 and lower, uses an inadequate account lockout setting. This flaw resides in the authentication mechanism, allowing unlimited login attempts without account lockout after successive failures. [1]

Exploitation

A remote attacker with network access to the GCKM login interface can repeatedly attempt authentication against user accounts. No prior authentication or special privileges are required. The attacker can systematically guess credentials, leveraging the absence of a lockout policy to perform an efficient brute-force attack. [1]
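A detection sketch for the repeated-authentication pattern described above, added here as an example and not code from IBM or from this advisory. The event tuple layout, the threshold and the window are assumptions; they do not reflect the GCKM log format, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, source IP, outcome).
# The layout is an assumption for this example, not a GCKM log format.
SAMPLE_EVENTS = [
    ("2024-01-01T09:50:00", "alice", "198.51.100.4", "FAIL"),
    ("2024-01-01T10:00:30", "alice", "198.51.100.4", "FAIL"),
    ("2024-01-01T10:00:45", "alice", "198.51.100.4", "OK"),
    ("2024-01-01T10:01:05", "admin", "203.0.113.7", "OK"),
] + [
    (f"2024-01-01T10:00:{s:02d}", "admin", "203.0.113.7", "FAIL")
    for s in range(0, 60, 10)
]


def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag accounts with >= threshold failed logins inside a sliding window,
    and successful logins that arrive while such a burst is still in the window."""
    failures = defaultdict(deque)  # account -> (timestamp, source IP) of recent failures
    alerts = []
    for ts_raw, account, src_ip, outcome in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        recent = failures[account]
        # Drop failures that have aged out of the window.
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if outcome == "FAIL":
            recent.append((ts, src_ip))
            if len(recent) == threshold:  # alert once, when the threshold is crossed
                alerts.append(_alert(account, "failed_burst", recent))
        elif outcome == "OK":
            if len(recent) >= threshold:  # credential may have been guessed
                alerts.append(_alert(account, "success_after_burst", recent))
            recent.clear()
    return alerts


def _alert(account, kind, recent):
    return {"account": account, "kind": kind, "failures": len(recent),
            "sources": sorted({ip for _, ip in recent})}


if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

Where the product enforces no lockout, the `success_after_burst` alert is the one to triage first, since it marks a login that succeeded during an active guessing run.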

Impact

Successful brute-force attacks could lead to unauthorized access to the affected system, potentially resulting in disclosure of sensitive information (confidentiality impact) with low severity, according to the CVSS vector. The attacker gains user-level access, which could be used as a stepping stone for further attacks. [1]

Mitigation

IBM has released a fix in Guardium Data Encryption version 1.10.3.1 and later. Users should upgrade to the latest version available from IBM support. No workaround is documented; applying the patch is the recommended mitigation. [1]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

2
