Benjamin Dixon

**Name of the Vulnerable Software and Affected Versions** IBM Guardium Data Protection version 12.1 **Description** An administrative user can perform directory traversal on the system. By sending a specially crafted URL request containing dot dot sequences ('/../'), an attacker can write arbitrary files to the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Guardium Data Protection version 12.1 **Description** Stored cross-site scripting allows an administrative user to embed arbitrary JavaScript code in the Web UI. This can alter intended functionality and potentially lead to the disclosure of credentials within a trusted session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Guardium Data Protection version 12.1 **Description** Cross-site scripting allows an administrative user to embed arbitrary JavaScript code in the Web UI. This can alter the intended functionality and potentially lead to the disclosure of credentials within a trusted session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.