Skip to main content

IBM Guardium Data Protection CVE-2026-4918

| EUVDEUVD-2026-25133 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-22 ibm GHSA-pr8m-2c2c-5wf7
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 23, 2026 - 07:07 vuln.today
EUVD ID Assigned
Apr 22, 2026 - 23:31 euvd
EUVD-2026-25133
Analysis Generated
Apr 22, 2026 - 23:31 vuln.today
Patch released
Apr 22, 2026 - 23:31 nvd
Patch available
CVE Published
Apr 22, 2026 - 23:26 nvd
MEDIUM 5.5

DescriptionCVE.org

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

AnalysisAI

Stored cross-site scripting in IBM Guardium Data Protection 12.1 allows high-privileged administrative users to inject malicious JavaScript into the Web UI, enabling credential theft and session hijacking within trusted administrative sessions. The vulnerability requires administrative privileges and does not trigger user interaction, allowing attackers with admin access to persistently compromise the confidentiality and integrity of the system. A patch is available from IBM.

Technical ContextAI

IBM Guardium Data Protection is a database security and audit solution that provides Web UI interfaces for administrative management. The vulnerability stems from improper input validation and output encoding in the Web UI layer, classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The stored nature of the XSS means malicious payloads are persisted in the application's backend storage and executed each time the affected page is rendered, affecting all users who access the compromised interface. This is particularly dangerous in administrative contexts where session tokens and sensitive credentials are readily available to JavaScript executing in the browser.

RemediationAI

Apply the vendor-released patch from IBM available at https://www.ibm.com/support/pages/node/7270422 for Guardium Data Protection 12.1.0. Consult the advisory for the specific patched version number and apply it to all affected instances. Until patching is complete, implement access controls restricting Web UI administrative access to trusted IP ranges and limit the number of users with administrative privileges. Disable administrative Web UI access if not actively required. Monitor administrative sessions and Web UI access logs for suspicious JavaScript injection attempts or unusual administrative activity. Review stored configurations and reports within the administrative interface for any injected malicious code post-compromise. Note that these compensating controls do not eliminate the vulnerability - patching is the primary remediation and should be prioritized.

Share

CVE-2026-4918 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy