VYPR
Unrated severity · NVD Advisory · Published Aug 28, 2023 · Updated Oct 2, 2024

IBM Security Guardium Data Encryption information disclosure

CVE-2023-26272

Description

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Guardium Cloud Key Manager 1.10.3 and lower returns detailed technical error messages that could leak sensitive information to an unauthenticated remote attacker.

Vulnerability

IBM Guardium Cloud Key Manager (GCKM) version 1.10.3 and lower, part of IBM Security Guardium Data Encryption (GDE), exposes detailed technical error messages in the browser. This information disclosure occurs when the application returns verbose error responses, potentially revealing internal system details [1].

Exploitation

An unauthenticated remote attacker can trigger error conditions that cause the application to return verbose error messages. No authentication or user interaction is required; the attacker simply sends crafted requests to the vulnerable endpoint and observes the response [1].

Impact

Successful exploitation allows the attacker to obtain sensitive technical information about the system. This information could be used to further attack the system. The CVSS v3.0 base score is 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating low confidentiality impact with no integrity or availability impact [1].

Mitigation

IBM has released a fix. Affected users should update to the latest version of IBM Guardium Data Encryption. Apply the patch as referenced in the IBM support page [1]. No workaround is mentioned in the reference.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
