VYPR
Medium severity 6.5 · NVD Advisory · Published May 27, 2026 · Updated May 27, 2026

CVE-2026-8405


Description

The "Long Term Retention" (LTR) add-on feature of IBM Guardium Data Protection 12.2.1 and 12.2.2 can expose sensitive credentials in debug mode.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Guardium Data Protection LTR feature exposes credentials in debug mode, allowing low-privileged attackers to access sensitive information.

Vulnerability

IBM Guardium Data Protection versions 12.2.1 and 12.2.2, when using the "Long Term Retention" (LTR) add-on feature, can expose sensitive credentials in debug mode. The vulnerability is due to a flaw in the debug logging process that includes credentials in the output [1]. No additional configuration beyond enabling the LTR feature is required for the code path to be reachable.

Exploitation

An attacker must have network access to the system and a valid low-privileged (authenticated) user account, as the CVSS vector indicates privileges are required (PR:L) and no user interaction is needed (UI:N) [1]. The attacker triggers debug mode on the LTR component, either by manipulating runtime settings or through normal administrative actions that enable verbose logging. The exact sequence of steps is not publicly detailed, but the attacker would then retrieve the debug logs containing the exposed credentials.

Impact

A successful attack results in the disclosure of sensitive credentials (confidentiality impact: HIGH). The attacker gains unauthorized access to credential information that can be used for further compromise or lateral movement within the environment. Integrity and availability are not affected [1].

Mitigation

IBM has addressed this vulnerability in an update; customers are encouraged to apply the latest fix as referenced in the vendor advisory [1]. No workarounds are listed by IBM. The product versions 12.2.1 and 12.2.2 are affected. The CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
