IBM Guardium Data Protection vulnerabilities
8 known vulnerabilities affecting ibm/guardium_data_protection.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 7
Vulnerabilities
CVE-2026-8405 | MEDIUM | CVSS 6.5 | CWE-200 | v12.2.1, v12.2.2, +1 more | 2026-05-27
The "Long Term Retention" (LTR) add-on feature of IBM Guardium Data Protection 12.2.1 and 12.2.2 can expose sensitive credentials in debug mode.
Source: NVD

CVE-2026-4917 | MEDIUM | CVSS 4.9 | CWE-22 | v12.1 | 2026-04-23
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
Source: NVD

CVE-2026-4919 | MEDIUM | CVSS 4.8 | CWE-79 | v12.1; ≥ 12.1, ≤ 26.0.0.4 | 2026-04-23
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
Source: NVD

CVE-2026-1274 | MEDIUM | CVSS 4.9 | CWE-840 | v12.0, v12.1, +2 more | 2026-04-23
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel.
Source: NVD

CVE-2026-4918 | MEDIUM | CVSS 4.8 | CWE-79 | v12.1; ≥ 12.1.0, ≤ 2.3.0 | 2026-04-23
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
Source: NVD

CVE-2026-1272 | MEDIUM | CVSS 4.3 | CWE-613 | v12.0, v12.1, +2 more | 2026-04-23
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Security Misconfiguration vulnerability in the user access control panel.
Source: NVD

CVE-2025-36020 | HIGH | CVSS 7.5 | CWE-319 | v11.5, v12.0, +1 more | 2025-08-06
IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.
Source: NVD

CVE-2025-3473 | MEDIUM | CVSS 6.7 | CWE-277 | v11.5, v12.1 | 2025-06-11
IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.
Source: NVD