Description
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Security Misconfiguration vulnerability in the user access control panel.
Published: 2026-04-22
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Patch
AI Analysis

Impact

IBM Guardium Data Protection versions 12.0, 12.1 and 12.2 contain a security misconfiguration in the user access control panel that may allow an attacker to add, modify or delete user privileges. This weakness can lead to unauthorized access to the system, potentially exposing sensitive data, configurations or monitoring information. The vulnerability is categorized under CWE-613, which highlights failures in security monitoring and configuration.

Affected Systems

Vendor and product: IBM Guardium Data Protection. The affected releases are 12.0, 12.1 and 12.2. The affected configuration is the management access control panel accessed through the product’s web or network interface.

Risk and Exploitability

The CVSS score is 2.7, indicating low to moderate risk, and the EPSS score is less than 1%, suggesting a low likelihood of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is remote access to the Guardium management interface; an attacker would need to exploit the misconfigured permissions to elevate privileges. Although the risk is modest, the potential impact on confidentiality and integrity makes remediation important.

Generated by OpenCVE AI on April 28, 2026 at 20:40 UTC.

Remediation

Vendor Solution

IBM encourages customers to update their systems promptly.

Product, version and fix:

  • IBM Guardium Data Protection 12.0: https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=12.0&platform=Linux&function=fixId&fixids=SqlGuard-12.0p55_Bundle&includeSupersedes=0&source=fc
  • IBM Guardium Data Protection 12.1: https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=12.1&platform=Linux&function=fixId&fixids=SqlGuard-12.0p140_Bundle&includeSupersedes=0&source=fc
  • IBM Guardium Data Protection 12.2: https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=12.2&platform=Linux&function=fixId&fixids=SqlGuard-12.0p210_GPU_Dec_2025_V12.2.1_FC&includeSupersedes=0&source=fc


OpenCVE Recommended Actions

  • Apply the IBM patch bundle for the latest Guardium Data Protection version (12.0p55, 12.1p140 or 12.2p210 as appropriate).
  • Verify that all user accounts follow the principle of least privilege and remove any unnecessary administrative permissions.
  • Restrict access to the Guardium management interface to trusted IP ranges by configuring firewall or ACL rules.


Advisories

No advisories yet.

History

Thu, 23 Apr 2026 18:15:00 +0000

Values added (no values removed), by type:

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 00:00:00 +0000

Values added (no values removed), by type:

  • Description: IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.
  • Title: IBM Guardium Data Protection is affected by multiple vulnerabilities
  • First Time appeared: Ibm; Ibm guardium Data Protection
  • Weaknesses: CWE-613
  • CPEs:
      cpe:2.3:a:ibm:guardium_data_protection:12.0.0:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:guardium_data_protection:12.0:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:guardium_data_protection:12.1.0:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:guardium_data_protection:12.1:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:guardium_data_protection:12.2.0:*:*:*:*:*:*:*
      cpe:2.3:a:ibm:guardium_data_protection:12.2:*:*:*:*:*:*:*
  • Vendors & Products: Ibm; Ibm guardium Data Protection
  • References:
  • Metrics: cvssV3_1 {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-04-23T16:23:59.338Z

Reserved: 2026-01-20T21:47:46.979Z

Link: CVE-2026-1272

Vulnrichment

Updated: 2026-04-23T13:57:42.440Z

NVD

Status: Analyzed

Published: 2026-04-23T00:16:44.407

Modified: 2026-04-27T18:23:48.833

Link: CVE-2026-1272

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T20:45:16Z

Weaknesses