Skip to main content

Guardium Data Protection CVE-2026-8405

| EUVDEUVD-2026-32501 MEDIUM
Information Exposure (CWE-200)
2026-05-27 psirt@us.ibm.com GHSA-xvcj-65f9-8jg3
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 21:18 vuln.today

DescriptionCVE.org

IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode.

AnalysisAI

Credential exposure in IBM Guardium Data Protection's Long Term Retention (LTR) add-on feature allows authenticated network users to obtain sensitive credentials when the system is operating in debug mode. Affected versions are 12.2.1 (up to and including Fix Pack 4.4.7 Fix Pack 1) and 12.2.2. The high confidentiality impact (C:H) reflects that fully valid credentials - not just partial data - may be disclosed, potentially enabling lateral movement or privilege escalation within the data protection infrastructure. No public exploit has been identified at time of analysis, and SSVC assessment confirms no active exploitation.

Technical ContextAI

IBM Guardium Data Protection is an enterprise database activity monitoring and data security platform. The 'Long Term Retention' (LTR) module is an add-on feature responsible for archiving audit data over extended periods. The root cause is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor): when debug mode is active, the LTR component writes or surfaces sensitive credentials - likely service account tokens, database connection strings, or encryption keys - into debug output accessible to authenticated users. The CVSS vector AV:N/AC:L/PR:L/UI:N indicates the vulnerable surface is reachable over the network with low-complexity exploitation and only low-level privileges required, consistent with a debug logging or verbose error output pathway that any authenticated user could trigger or observe.

RemediationAI

Consult the IBM advisory at https://www.ibm.com/support/pages/node/7273657 for the official patch. Based on the EUVD affected version listing, a fix is expected beyond Fix Pack 4.4.7 Fix Pack 1 for the 12.2.1 branch; the exact patched version is not independently confirmed from the available source data - verify the specific fix level against the IBM advisory before deploying. As an immediate compensating control, disable debug mode on all LTR instances in production environments; this directly eliminates the credential exposure pathway with no functional impact on normal LTR archival operations. Additionally, restrict access to Guardium management interfaces to only authorized administrators using network-layer ACLs, limiting the pool of authenticated users who could reach the debug output. Review Guardium audit logs for any recent debug mode activations by non-administrative accounts.

Share

CVE-2026-8405 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy