Skip to main content

IBM Guardium Data Protection CVE-2026-4917

| EUVDEUVD-2026-25132 MEDIUM
Path Traversal (CWE-22)
2026-04-23 psirt@us.ibm.com GHSA-88m7-mxf9-v644
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 23, 2026 - 07:02 vuln.today
EUVD ID Assigned
Apr 23, 2026 - 00:22 euvd
EUVD-2026-25132
Analysis Generated
Apr 23, 2026 - 00:22 vuln.today
CVE Published
Apr 23, 2026 - 00:16 nvd
MEDIUM 4.9

DescriptionCVE.org

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.

AnalysisAI

Arbitrary file write vulnerability in IBM Guardium Data Protection 12.1 allows authenticated administrative users to traverse directories and write files to arbitrary locations via specially crafted URLs containing path traversal sequences (/../). The vulnerability requires high-privilege admin credentials and network access but results in integrity compromise without requiring user interaction, making it a post-authentication privilege abuse risk for organizations running this data protection platform.

Technical ContextAI

The vulnerability exploits improper input validation in URL handling within Guardium Data Protection's web interface. The underlying issue is a path traversal flaw (CWE-22) where the application fails to sanitize or canonicalize user-supplied file paths before processing directory operations. Attackers can inject directory traversal sequences (dot-dot-slash patterns: /../) to escape intended directory boundaries and access the broader filesystem. This type of flaw commonly occurs in web applications and APIs that construct file paths dynamically from user input without proper validation against directory escape attempts. The CPE context indicates this affects IBM Guardium Data Protection version 12.1 specifically.

RemediationAI

Apply the vendor-released patch from IBM PSIRT as documented at https://www.ibm.com/support/pages/node/7270422. Upgrade IBM Guardium Data Protection 12.1 to the patched maintenance release specified in that advisory. If patching cannot be immediately deployed, implement compensating controls: restrict network access to the Guardium administrative interface to trusted IP ranges or VPN gateways only, use a reverse proxy or WAF with path traversal detection rules to block requests containing /../ sequences, disable administrative web interface if it is not actively required and use alternative administration methods (CLI, out-of-band management), and implement robust audit logging and alerting on administrative file operations to detect exploitation attempts. Each control has trade-offs: network segmentation may limit legitimate remote administration, WAF rules require careful tuning to avoid false positives, interface disablement reduces operational flexibility, and logging increases storage overhead but provides forensic value.

Share

CVE-2026-4917 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy