Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
5DescriptionCVE.org
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
AnalysisAI
Stored cross-site scripting (XSS) in IBM Guardium Data Protection 12.1 through 26.0.0.4 allows authenticated administrative users to inject arbitrary JavaScript into the Web UI, enabling credential theft and session hijacking of other administrators within a trusted session. The vulnerability requires administrative privileges and user interaction (clicking a malicious link or visiting a crafted page), limiting its scope but maintaining high impact for multi-admin environments. EPSS context and active exploitation status are not publicly confirmed at this time.
Technical ContextAI
This is a classic stored/persistent XSS vulnerability (CWE-79) in a web-based management interface. The Guardium Data Protection Web UI fails to properly sanitize or encode user-supplied input before reflecting it in responses served to subsequent users. Administrative users can embed arbitrary JavaScript payloads in fields or parameters that are stored and later rendered without proper HTML entity encoding, allowing the JavaScript to execute in the browser context of any user viewing the affected page. This is particularly dangerous in a Guardium environment because the Web UI typically manages sensitive database encryption keys, audit logs, and access policies. CPE data confirms all versions of Guardium Data Protection (product identifier cpe:2.3:a:ibm:guardium_data_protection) are potentially affected, with the EUVD advisory specifying versions 12.1 through 26.0.0.4 as vulnerable.
RemediationAI
IBM has released patched versions; users should upgrade to the latest available build beyond 26.0.0.4 as specified in the vendor advisory https://www.ibm.com/support/pages/node/7270422. If immediate upgrade is not feasible, implement the following compensating controls with noted trade-offs: (1) Restrict administrative Web UI access to specific IP ranges or VPN-only access using network controls - this reduces exposure but may complicate legitimate remote admin activities; (2) Enforce multi-factor authentication (MFA) for all administrative accounts if Guardium supports it - this mitigates the attack vector of compromised admin credentials but adds authentication latency; (3) Disable or restrict JavaScript execution in the Guardium Web UI via browser-level CSP (Content Security Policy) headers if the vendor configuration allows - verify this does not break legitimate administrative features; (4) Monitor admin account activity logs for anomalous JavaScript injection attempts or suspicious data access patterns. The primary mitigation remains patching to a version beyond 26.0.0.4.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25134
GHSA-5qjr-q267-wc42