CVE-2026-4917

· NIST NVD ↗

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.

MEDIUM
CVSS severity
4.9
CVSS base score
2026-04-23
Published

CWE codes

CWE-22

Affected products

ibm:guardium_data_protection

Sources