CVE-2026-4917: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in IBM Guardium Data Protection
IBM Guardium Data Protection version 12. 1 contains a path traversal vulnerability (CWE-22) that could allow an administrative user to write arbitrary files on the system by sending specially crafted URL requests with directory traversal sequences. The vulnerability has a CVSS score of 4. 9, indicating medium severity. There is no information about an available patch or official remediation at this time. No known exploits are reported in the wild.
AI Analysis
Technical Summary
CVE-2026-4917 is a path traversal vulnerability in IBM Guardium Data Protection 12.1. It allows an administrative user to traverse directories beyond the intended restricted directory by using specially crafted URL requests containing '/../' sequences. This improper limitation of pathname access could enable the attacker to write arbitrary files on the system, potentially impacting system integrity. The vulnerability has a medium severity rating with a CVSS 3.1 base score of 4.9 (Network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, no confidentiality impact, high integrity impact, no availability impact). No patch or official remediation guidance has been published by IBM as of the data provided.
Potential Impact
An attacker with administrative privileges could exploit this vulnerability to write arbitrary files on the system, potentially leading to unauthorized modification of system files or configurations. There is no reported impact on confidentiality or availability. The vulnerability requires high privileges and network access but does not require user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrative access to trusted personnel only and monitor for suspicious URL requests containing directory traversal patterns. Avoid exposing the vulnerable service to untrusted networks. Follow IBM's official advisories for updates on remediation.
CVE-2026-4917: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in IBM Guardium Data Protection
Description
IBM Guardium Data Protection version 12. 1 contains a path traversal vulnerability (CWE-22) that could allow an administrative user to write arbitrary files on the system by sending specially crafted URL requests with directory traversal sequences. The vulnerability has a CVSS score of 4. 9, indicating medium severity. There is no information about an available patch or official remediation at this time. No known exploits are reported in the wild.
CVSS v3.1
Score 4.9medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-4917 is a path traversal vulnerability in IBM Guardium Data Protection 12.1. It allows an administrative user to traverse directories beyond the intended restricted directory by using specially crafted URL requests containing '/../' sequences. This improper limitation of pathname access could enable the attacker to write arbitrary files on the system, potentially impacting system integrity. The vulnerability has a medium severity rating with a CVSS 3.1 base score of 4.9 (Network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, no confidentiality impact, high integrity impact, no availability impact). No patch or official remediation guidance has been published by IBM as of the data provided.
Potential Impact
An attacker with administrative privileges could exploit this vulnerability to write arbitrary files on the system, potentially leading to unauthorized modification of system files or configurations. There is no reported impact on confidentiality or availability. The vulnerability requires high privileges and network access but does not require user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrative access to trusted personnel only and monitor for suspicious URL requests containing directory traversal patterns. Avoid exposing the vulnerable service to untrusted networks. Follow IBM's official advisories for updates on remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- ibm
- Date Reserved
- 2026-03-26T17:42:57.635Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e95f0887115cfb6814189f
Added to database: 4/22/2026, 11:51:36 PM
Last enriched: 4/30/2026, 8:12:13 AM
Last updated: 6/6/2026, 2:05:48 PM
Views: 238
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.