Skip to main content

IBM Guardium Data Protection CVE-2026-4919

| EUVDEUVD-2026-25134 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-22 ibm GHSA-5qjr-q267-wc42
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 23, 2026 - 07:01 vuln.today
EUVD ID Assigned
Apr 22, 2026 - 23:31 euvd
EUVD-2026-25134
Analysis Generated
Apr 22, 2026 - 23:31 vuln.today
Patch released
Apr 22, 2026 - 23:31 nvd
Patch available
CVE Published
Apr 22, 2026 - 23:23 nvd
MEDIUM 4.8

DescriptionCVE.org

IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

AnalysisAI

Stored cross-site scripting (XSS) in IBM Guardium Data Protection 12.1 through 26.0.0.4 allows authenticated administrative users to inject arbitrary JavaScript into the Web UI, enabling credential theft and session hijacking of other administrators within a trusted session. The vulnerability requires administrative privileges and user interaction (clicking a malicious link or visiting a crafted page), limiting its scope but maintaining high impact for multi-admin environments. EPSS context and active exploitation status are not publicly confirmed at this time.

Technical ContextAI

This is a classic stored/persistent XSS vulnerability (CWE-79) in a web-based management interface. The Guardium Data Protection Web UI fails to properly sanitize or encode user-supplied input before reflecting it in responses served to subsequent users. Administrative users can embed arbitrary JavaScript payloads in fields or parameters that are stored and later rendered without proper HTML entity encoding, allowing the JavaScript to execute in the browser context of any user viewing the affected page. This is particularly dangerous in a Guardium environment because the Web UI typically manages sensitive database encryption keys, audit logs, and access policies. CPE data confirms all versions of Guardium Data Protection (product identifier cpe:2.3:a:ibm:guardium_data_protection) are potentially affected, with the EUVD advisory specifying versions 12.1 through 26.0.0.4 as vulnerable.

RemediationAI

IBM has released patched versions; users should upgrade to the latest available build beyond 26.0.0.4 as specified in the vendor advisory https://www.ibm.com/support/pages/node/7270422. If immediate upgrade is not feasible, implement the following compensating controls with noted trade-offs: (1) Restrict administrative Web UI access to specific IP ranges or VPN-only access using network controls - this reduces exposure but may complicate legitimate remote admin activities; (2) Enforce multi-factor authentication (MFA) for all administrative accounts if Guardium supports it - this mitigates the attack vector of compromised admin credentials but adds authentication latency; (3) Disable or restrict JavaScript execution in the Guardium Web UI via browser-level CSP (Content Security Policy) headers if the vendor configuration allows - verify this does not break legitimate administrative features; (4) Monitor admin account activity logs for anomalous JavaScript injection attempts or suspicious data access patterns. The primary mitigation remains patching to a version beyond 26.0.0.4.

Share

CVE-2026-4919 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy