This page lists publicly disclosed CVE vulnerabilities affecting ibm security_guardium (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-25029 | IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. | [email protected] | 4.9 | 0.18% | 2025-05-28 | 2025-06-04 |
| CVE-2025-25026 | IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. | [email protected] | 4.3 | 0.09% | 2025-05-28 | 2025-06-04 |
| CVE-2025-25025 | IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | [email protected] | 4.3 | 0.05% | 2025-05-28 | 2025-06-04 |
| CVE-2025-3440 | IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 5.5 | 0.17% | 2025-05-15 | 2025-06-20 |
| CVE-2025-25023 | IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment. | [email protected] | 4.9 | 0.16% | 2025-04-09 | 2025-06-20 |
| CVE-2024-49336 | IBM Security Guardium 11.5 and 12.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | [email protected] | 6.5 | 0.07% | 2024-12-19 | 2025-11-05 |
| CVE-2023-47710 | IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525. | [email protected] | 5.4 | 0.11% | 2024-05-24 | 2025-01-08 |
| CVE-2023-47717 | IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690. | [email protected] | 4.4 | 0.05% | 2024-05-16 | 2025-06-13 |
| CVE-2023-47712 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527. | [email protected] | 7.8 | 0.04% | 2024-05-14 | 2025-01-14 |
| CVE-2023-47711 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526. | [email protected] | 2.7 | 0.04% | 2024-05-14 | 2025-01-14 |
| CVE-2023-47709 | IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524. | [email protected] | 9.1 | 0.40% | 2024-05-14 | 2025-01-14 |
| CVE-2023-42004 | IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262. | [email protected] | 8.0 | 0.12% | 2023-11-28 | 2024-11-21 |
| CVE-2022-43906 | IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. | [email protected] | 3.1 | 0.08% | 2023-10-04 | 2024-11-21 |
| CVE-2022-43903 | IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation. IBM X-Force ID: 240894. | [email protected] | 4.3 | 0.03% | 2023-09-05 | 2024-11-21 |
| CVE-2022-43904 | IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895. | [email protected] | 7.5 | 0.08% | 2023-08-28 | 2024-11-21 |
| CVE-2023-33852 | IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. | [email protected] | 7.6 | 0.15% | 2023-08-27 | 2024-11-21 |
| CVE-2023-30437 | IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293. | [email protected] | 5.3 | 0.14% | 2023-08-27 | 2024-11-21 |
| CVE-2023-30436 | IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292. | [email protected] | 5.5 | 0.10% | 2023-08-27 | 2024-11-21 |
| CVE-2023-30435 | IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291. | [email protected] | 8.9 | 0.10% | 2023-08-27 | 2024-11-21 |
| CVE-2022-43909 | IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905. | [email protected] | 4.6 | 0.17% | 2023-08-27 | 2024-11-21 |