Skip to main content

IBM Guardium Data Protection EUVDEUVD-2026-25121

| CVE-2026-1272 LOW
Insufficient Session Expiration (CWE-613)
2026-04-23 psirt@us.ibm.com GHSA-rr6g-4537-6ppf
2.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 23, 2026 - 07:01 vuln.today
EUVD ID Assigned
Apr 23, 2026 - 00:22 euvd
EUVD-2026-25121
Analysis Generated
Apr 23, 2026 - 00:22 vuln.today
CVE Published
Apr 23, 2026 - 00:16 nvd
LOW 2.7

DescriptionCVE.org

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.

AnalysisAI

IBM Guardium Data Protection 12.0 through 12.2 contains a security misconfiguration in the user access control panel that allows high-privilege administrators to modify integrity settings without proper authorization constraints. The vulnerability is remotely accessible and requires existing administrative credentials, resulting in limited integrity impact with no confidentiality or availability effect. CVSS score of 2.7 reflects the low risk profile due to required administrative authentication and minimal scope of impact.

Technical ContextAI

The vulnerability stems from improper access control implementation (CWE-613) within Guardium Data Protection's user access control panel. This class of flaw typically involves missing or misconfigured authentication/authorization checks that fail to properly validate that users have legitimate permissions before allowing sensitive operations. The network-accessible nature of the vulnerability indicates the affected component is exposed through Guardium's web management interface or API layer. Administrative privileges are required to trigger the issue, suggesting the misconfiguration exists in role-based access control logic that inadequately validates high-privilege operations even after successful authentication.

RemediationAI

IBM has released patches for the affected versions; consult the IBM support page at https://www.ibm.com/support/pages/node/7269445 for the specific patched build numbers. Organizations should upgrade to a patched build within their current major version or migrate to version 12.3 or later if available. As an interim compensating control, restrict administrative access to the user access control panel to only those administrators who legitimately require the ability to manage user permissions, implement mandatory access reviews for administrative accounts with panel access, and enable audit logging of all changes made within the access control panel to detect unauthorized modifications. Monitor access control panel logs for suspicious administrative activity. These controls do not prevent the vulnerability but significantly limit exposure and provide detection capability until patching is completed.

Share

EUVD-2026-25121 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy