IBM Guardium Data Protection
By the Year
In 2026 there have been 5 vulnerabilities in IBM Guardium Data Protection, with an average score of 4.6 out of ten. Last year, in 2025, Guardium Data Protection had 2 security vulnerabilities published. That is, 3 more vulnerabilities have already been reported in 2026 than last year. Last year, the average CVE base score was greater by 1.74.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 4.56 |
| 2025 | 2 | 6.30 |
It may take a day or so for new Guardium Data Protection vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Guardium Data Protection Security Vulnerabilities
IBM Guardium 12.* Security Misconfiguration User Access Control
CVE-2026-1272
2.7 - Low
- April 22, 2026
IBM Guardium Data Protection 12.0, 12.1, and 12.2 are vulnerable to a Security Misconfiguration vulnerability in the user access control panel.
Insufficient Session Expiration
IBM Guardium Data Protection Bypass Business Logic (12.0-12.2)
CVE-2026-1274
4.9 - Medium
- April 22, 2026
IBM Guardium Data Protection 12.0, 12.1, and 12.2 are vulnerable to a Bypass Business Logic vulnerability in the access management control panel.
Business Logic Errors
IBM Guardium DP 12.1 dir traversal -> arbitrary file write via crafted URL
CVE-2026-4917
4.9 - Medium
- April 22, 2026
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
Directory traversal
IBM Guardium DP 12.1 XSS: Stored XSS via JS injection in Admin UI
CVE-2026-4918
5.5 - Medium
- April 22, 2026
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
XSS
IBM Guardium DP 12.1 XSS Allows Admin JS Injection & Credential Leak
CVE-2026-4919
4.8 - Medium
- April 22, 2026
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
XSS
IBM Guardium Data Protection Cleartext Credential Transmission
CVE-2025-36020
5.9 - Medium
- August 06, 2025
IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.
Cleartext Transmission of Sensitive Information
IBM Security Guardium 12.1 Priv Esc via Inherited Perms
CVE-2025-3473
6.7 - Medium
- June 11, 2025
IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.
Insecure Inherited Permissions