IBM Security Guardium
By the Year
In 2026 there have been 0 vulnerabilities in IBM Security Guardium. Last year, in 2025, Security Guardium had 7 security vulnerabilities published. Right now, Security Guardium is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 7 | 5.59 |
| 2024 | 6 | 6.53 |
| 2023 | 12 | 6.78 |
| 2022 | 3 | 5.13 |
| 2021 | 15 | 8.63 |
| 2020 | 10 | 5.79 |
| 2019 | 2 | 8.80 |
| 2018 | 11 | 0.00 |
It may take a day or so for new Security Guardium vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Security Guardium Security Vulnerabilities
IBM Guardium Data Protection Cleartext Credential Transmission
CVE-2025-36020
5.9 - Medium
- August 06, 2025
IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.
Cleartext Transmission of Sensitive Information
IBM Security Guardium 12.1 Priv Esc via Inherited Perms
CVE-2025-3473
6.7 - Medium
- June 11, 2025
IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.
Insecure Inherited Permissions
IBM Guardium 12.0 Privileged User File Download via Unescaped Input
CVE-2025-25029
6.5 - Medium
- May 28, 2025
IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input.
Output Sanitization
IBM Security Guardium 12.0 Auth Check Bypass
CVE-2025-25026
4.3 - Medium
- May 28, 2025
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.
AuthZ
IBM Security Guardium 12.0 Information Disclosure via Detailed Error Messages
CVE-2025-25025
5.3 - Medium
- May 28, 2025
IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Generation of Error Message Containing Sensitive Information
IBM Guardium 11.5 WebUI Stored XSS — Privileged User Can Inject JS
CVE-2025-3440
5.5 - Medium
- May 15, 2025
IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Guardium 11.4 File Read via Wrong Priv Assignment
CVE-2025-25023
4.9 - Medium
- April 09, 2025
IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.
Incorrect Privilege Assignment
IBM Security Guardium SSRF Vulnerability
CVE-2024-49336
5.4 - Medium
- December 19, 2024
IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
SSRF
IBM Security Guardium <=12.0 XSS via Web UI (CVE-2023-47710)
CVE-2023-47710
5.4 - Medium
- May 24, 2024
IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525.
XSS
IBM Guardium 12.0 DoS via Privileged User Unauthorized Actions
CVE-2023-47717
- May 16, 2024
IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690.
IBM Guardium <=12.0 DoS via Authenticated File Upload
CVE-2023-47711
6.5 - Medium
- May 14, 2024
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526.
Unrestricted File Upload
IBM Security Guardium 11.3-12.0: Local Priv Escalation via Improper Perms
CVE-2023-47712
- May 14, 2024
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527.
Incorrect Permission Assignment for Critical Resource
Remote Authenticated Cmd Exec in IBM Security Guardium 11.3-12.0 via Crafted Request
CVE-2023-47709
8.8 - High
- May 14, 2024
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524.
Shell injection
IBM Guardium CSV Injection Vulnerability (v11.3-11.5)
CVE-2023-42004
8.8 - High
- November 28, 2023
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262.
CSV Injection
IBM Security Guardium 11.5 SameSite Cookie Disclosure
CVE-2022-43906
5.3 - Medium
- October 04, 2023
IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897.
IBM Security Guardium 10.6-11.4 DoS via Improper Input Validation
CVE-2022-43903
6.5 - Medium
- September 05, 2023
IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240894.
IBM Security Guardium 11.3-11.4 Auth Attempt Bypass Causing Info Disclosure
CVE-2022-43904
7.5 - High
- August 28, 2023
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895.
Improper Restriction of Excessive Authentication Attempts
IBM Guardium 11.4 Remote Authenticated RCE via Crafted Request
CVE-2022-43907
8.8 - High
- August 27, 2023
IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.
Shell injection
IBM Guardium 11.4 XSS via Web UI Allows JS Injection
CVE-2022-43909
5.4 - Medium
- August 27, 2023
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905.
XSS
IBM Guardium XSS Vulnerability (CVE-2023-30435) in 11.3/11.4/11.5 Web UI
CVE-2023-30435
5.4 - Medium
- August 27, 2023
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291.
XSS
IBM Security Guardium 11.3-11.5 Web UI XSS Enables JavaScript and Credential Exposure
CVE-2023-30436
5.4 - Medium
- August 27, 2023
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292.
XSS
IBM Guardium 11.x Username Enumeration via Crafted HTTP
CVE-2023-30437
5.3 - Medium
- August 27, 2023
IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293.
IBM Security Guardium 11.4 SQLi in Monitoring Component
CVE-2023-33852
5.4 - Medium
- August 27, 2023
IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614.
SQL Injection
IBM Security Guardium 10.6-11.5 Remote Auth RPC Command Exec
CVE-2023-35893
8.8 - High
- August 16, 2023
IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824.
Shell injection
IBM Security Guardium 11.5: Session Expiration Inadequacy Enables Takeover
CVE-2023-0041
8.8 - High
- June 05, 2023
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657.
Insufficient Session Expiration
Privileged User Data Leak via HTTP Response in IBM Security Guardium 11.4
CVE-2022-39166
4.9 - Medium
- December 20, 2022
IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.
Plain Text Credential Storage Vulnerability in IBM Guardium 10.5-11.4
CVE-2021-39077
4.4 - Medium
- November 03, 2022
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.
Cleartext Storage of Sensitive Information
IBM Security Guardium 11.4 is vulnerable to cross-site scripting
CVE-2021-39074
6.1 - Medium
- June 29, 2022
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key
CVE-2020-4690
9.8 - Critical
- September 23, 2021
IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.
Use of Hard-coded Credentials
IBM Security Guardium 11.3 could
CVE-2021-20377
- September 23, 2021
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.
IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information
CVE-2021-20433
- September 15, 2021
IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.
IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs
CVE-2021-20420
- August 11, 2021
IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281.
IBM Security Guardium 11.2 does not require
CVE-2021-20418
- August 11, 2021
IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.
IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials
CVE-2021-20427
- August 11, 2021
IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314.
IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key
CVE-2021-20426
- May 24, 2021
IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196313.
IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms
CVE-2021-20419
- May 24, 2021
IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280.
IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user
CVE-2021-20389
- May 24, 2021
IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.
IBM Security Guardium 11.2 could
CVE-2021-20428
- May 24, 2021
IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315.
IBM Security Guardium 11.2 could
CVE-2021-20557
- May 24, 2021
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184.
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system
CVE-2021-20385
- May 24, 2021
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766.
IBM Security Guardium 11.2 is vulnerable to SQL injection
CVE-2020-4990
8.8 - High
- May 24, 2021
IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.
SQL Injection
IBM Security Guardium 11.2 is vulnerable to cross-site scripting
CVE-2021-20386
- May 24, 2021
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195767.
IBM Security Guardium 11.2 performs an operation at a privilege level
CVE-2020-4184
7.3 - High
- March 15, 2021
IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802.
Improper Privilege Management
IBM Security Guardium 11.2 is vulnerable to CSV Injection
CVE-2020-4689
6.8 - Medium
- October 12, 2020
IBM Security Guardium 11.2 is vulnerable to CSV Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 186696.
Injection
IBM Security Guardium 11.2 is vulnerable to cross-site scripting
CVE-2020-4681
5.4 - Medium
- October 12, 2020
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427.
XSS
IBM Security Guardium 11.2 is vulnerable to cross-site scripting
CVE-2020-4680
5.4 - Medium
- October 12, 2020
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426.
XSS
IBM Security Guardium 11.2 is vulnerable to cross-site scripting
CVE-2020-4679
4.8 - Medium
- October 12, 2020
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424.
XSS
IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to
CVE-2020-4678
4.9 - Medium
- October 12, 2020
IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423.
Information Disclosure
IBM Security Guardium 10.5, 10.6, and 11.0 could
CVE-2018-1501
- August 26, 2020
IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226.
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page
CVE-2020-4186
5.3 - Medium
- July 30, 2020
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.
Information Disclosure