Guardium Data Protection
Sign in to watchby IBM
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4918 | Med | 0.36 | 5.5 | 0.00 | Apr 23, 2026 | IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |
| CVE-2026-4917 | Med | 0.32 | 4.9 | 0.00 | Apr 23, 2026 | IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system. | |
| CVE-2026-1274 | Med | 0.32 | 4.9 | 0.00 | Apr 23, 2026 | IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel. | |
| CVE-2026-4919 | Med | 0.31 | 4.8 | 0.00 | Apr 23, 2026 | IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |
| CVE-2026-1272 | Low | 0.18 | 2.7 | 0.00 | Apr 23, 2026 | IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel. |