Executive Summary

CVE-2026-1272 is a Security Misconfiguration vulnerability found in IBM Guardium Data Protection versions 12.0, 12.1, and 12.2. It is related to insufficient session expiration in the user access control panel, meaning that sessions may not properly expire as intended.

This vulnerability is classified under CWE-613 (Insufficient Session Expiration) and has a CVSS 3.1 base score of 2.7, indicating a low severity issue that requires high privileges to exploit and does not impact confidentiality or availability but has a low impact on integrity.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability could allow an attacker with high privileges to exploit the insufficient session expiration in the user access control panel, potentially leading to low integrity issues.

Since the vulnerability does not affect confidentiality or availability, the impact is limited, but improper session handling could allow unauthorized actions or changes within the system if sessions remain active longer than intended.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability CVE-2026-1272 in IBM Guardium Data Protection versions 12.0, 12.1, and 12.2 is caused by insufficient session expiration in the user access control panel.

There are no known workarounds or mitigations other than applying the official updates provided by IBM.

• Promptly apply the security updates released by IBM for the affected versions (12.0, 12.1, and 12.2) to remediate the issue.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify how CVE-2026-1272 affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0