IBM Support

Release of Guardium Data Protection patch 12.0p7135

Release Notes


Abstract

This technical note provides guidance for installing IBM Guardium Data Protection patch 12.0p7135, including any new features or enhancements, resolved or known issues, or notices associated with the patch.

Content

Patch information
  • Patch file name: SqlGuard-12.0p7135_Bundle_Mar_06_2026.tgz.enc.sig
  • MD5 checksum: fc604f75675a255b18e092f3c226f26c
 

Finding the patch

  1. Select the following options to download this patch on the IBM Fix Central website and click Continue.
    • Product selector: IBM Security Guardium
    • Installed Version: 12.1
    • Platform: All
  2. On the "Identify fixes" page, select Browse for fixes and click Continue.
  3. On the "Select fixes" page, select Appliance Bundle. Then, enter the patch information in the Filter fix details field to locate the patch.
 
For information about Guardium patch types and naming conventions, see the Understanding Guardium patch types and patch names support document.
 
 
Prerequisites
  • Guardium Data Protection 12.1 (see release note)
  • The latest Guardium Data Protection health check patch 12.0p9997
 
 

Installation

Notes:
  • This patch is a replacement for appliance bundle 12.0p135 that includes fixes for version 12.1.
  • This patch is cumulative and includes all the fixes from previously released patches.
  • This patch restarts the Guardium system.
  • Do not reboot the appliance while the patch install is in progress. Contact IBM Support if there is an issue with patch installation.
  • When changing the password of CLI and guardcli users in the Guardium command line interface, a password strength warning appears even when strong passwords are not enabled. To remove the strong password checks, execute the CLI command store user strong_password disable.
 
Overview:
  1. Download the patch and extract the compressed package outside the Guardium system.
  2. Review the latest version of the patch release note just before you install the patch.
  3. Pick a "quiet" or low-traffic time to install the patch on the Guardium system.
  4. Apply the latest health check patch.
  5. Install patches in a top-down manner on all Guardium systems: start with the central manager, then aggregators, then the collectors.
  6. Apply the latest quarterly DPS patch and rapid response DPS patch.
 
For information about installing Guardium Data Protection patches, see How to install patches in the Guardium documentation.
 
 
Attention
 

Guardium patch signing certificate expired on 29 March 2025
The previous patch signing certificate for Guardium appliance patches expired on 29 March 2025. Guardium appliance patches are signed by an internal certificate to validate that the patch is created by Guardium. Unsigned patch files cannot be installed. This patch is signed by the new patch signing certificate. Therefore, to install this patch, the patch signing certificate on your Guardium appliance must first be updated. For more information, see IBM Guardium - Patch signing certificate set to expire in March 2025 or contact IBM Support.

IBM Db2 for z/OS JDBC driver update
In 12.0p115 (see release note), the IBM Db2 for z/OS JDBC driver in Guardium Vulnerability Assessment is updated to support IBM Db2 13 for z/OS, which enables TLS 1.3 and other advantages. You might need to update your IBM Db2 JDBC license. If so, test your connection in a staging environment and contact the IBM Db2 Support team if licensing issues arise. For assistance, open a case at ibm.com/mysupport.

 

Enhancements
This patch includes the following enhancements.
 
| Issue key | Summary |
|---|---|
| GRD-84386 | Implement robust back-end auditing to identify appliance changes made with root access |
| GRD-95506 | Implement back-end API in central manager that calls a function of testConnector in KafkaConnectClient.java |
| GRD-95668 | Add cruise control .jar files and Java 17 SDK |
| GRD-101168 | Add SSL authentication support for Teradata database connections |
| GRD-102632 | Report domain for real-time trust evaluator |
| GRD-106751, GRD-109640, GRD-111924, GRD-112267 | Enterprise load balancing for universal connectors |
| GRD-108197 | Ability to import custom trusted certificate chain to authenticate TLS connections to support S3-compatible storage |
| GRD-110014 | Changes to the outliers' input DM from GDP - GDP side |
 
 
Resolved issues
This patch resolves the following issues.
 
| Patch | Issue key | Summary | Known issue (APAR) |
|---|---|---|---|
| 12.0p125 | | This patch includes resolved issues from 12.0p125 (see release note) | |
| 12.0p7135 | GRD-92214 | Catalog archive entry disappears from the search result of the Catalog Archive page after Host Name or Path fields are updated | DT426077 |
| | GRD-93299 | Vulnerability "HTTP Verb Tampering" observed on Guardium appliances after penetration testing | DT439632 |
| | GRD-96278 | Adding timestamp, timezone information to universal connector must_gather | |
| | GRD-97815 | Issue with proxy functionality support | |
| | GRD-101451 | "Connection closed before we received a valid response" error when saving Data Archive configuration with Dell ECS protocol | DT446545 |
| | GRD-101834 | Version 12 latest bundles reinstall GIM and CAS default certs after the ad hoc patch 12.1103 removes them | DT443072 |
| | GRD-102117 | Error when trying to generate automatic report from audit process builder to search for information related to a privacy set | DT446590 |
| | GRD-102717 | Command 'show remotelog test' sends message with MARK priority to SIEM that was not logged to Guardium messages log file | DT446520 |
| | GRD-102722 | When using the command grdapi list_expiration_dates_for_restored_days to list restored data info, it fails with "Returned ERR=3000" message | DT444670 |
| | GRD-102797 | JDBC connection to a Microsoft SQL datasource fails with message "Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication" if the password contains the backslash special character | DT446539 |
| | GRD-103092 | DPS file upload has wrong file name, wrong version, or wrong date | DT448785 |
| | GRD-103387 | Requesting capability to filter alert messages from syslog included in resulting files from must_gather commands | DT446434 |
| | GRD-103728 | Change Tracker Alive Task might fail in LD due to lack of alive check concurrency with timeout limit | |
| | GRD-103838 | If there are multiple Active Threat Analytics cases in the central manager, collectors now use EI_CASE_ID and sourceUnit (collector hostname) to fetch the record for update | DT446510 |
| | GRD-104440 | Fileserver not working. The URL returned by the fileserver command fails to open. | DT447272 |
| | GRD-104758 | LDAP authentication for CLI users not working for appliances with AMD EPYC processors | DT449611 |
| | GRD-105491 | Searching for anything in the GUI search bar does not respond | DT451443 |
| | GRD-105633 | Version 12.0p35 - Remotelog quit sending syslog events and did not auto-recover | DT450593 |
| | GRD-106406 | IBM Storage Protect Client installed on Guardium appliance contains libxmlutil library that is vulnerable to several CVEs | DT448724 |
| | GRD-106484 | Error message "Unable to connect to UI Server. Verify that server is operational and try again" appears on the GUI screen while attempting to update several datasources in bulk | DT448683 |
| | GRD-106949 | Unable to log into the GUI on appliance configured to authenticate with SSO SAML | DT448715 |
| | GRD-109178 | "This system is not licensed for the SQL application Policy Install" message appears when trying to use File Activity Monitor (FAM) pages on the GUI | DT452475 |
| | GRD-109234 | System backup failed due to "mysqldump: Error 1412: Table definition has changed, please retry transaction when dumping table 'MY_TEMP_SESSIONS' at row: 0" | DT452530 |
| | GRD-110653 | DB2 on z/OS Vulnerability Assessment scan results show "Unsupported Security PTF patch detected" message for DB2 z/OS APAR PTFs starting with 'UO' prefix | DT454625 |
| | GRD-111233 | Unable to remove menu items from the GUI from a specific user role | DT453666 |
| | GRD-111304 | Improved logging retry mechanism | DT454948 |
| | GRD-111709 | Unable to import customer-signed GUI certificate (PFX/PKCS12) | DT457707 |
| | GRD-111789 | Guardium and CyberArk integration for datasource external credentials | |
| | GRD-112324 | Guardium appliances stopped sending mails | DT458928 |
| | GRD-113956 | Failure accessing reports in a shared dashboard | DT457609 |
| | GRD-114046 | Same policy shows several times on GUI on the collector | DT455569 |
| | GRD-121159, GRD-120583 | Fixed an issue in the previously released appliance bundle 12.0p135 that might result in a continuous increase of file-handling activity, leading to appliance instability. For more information, see Applying patch 12.0p135 may cause increased file handling and instability on Guardium 12.1 appliances. | |
 
 
Security fixes
This patch resolves the following issues.
 
| Patch | Issue key | Summary | CVE |
|---|---|---|---|
| 12.0p125 | | This patch includes security fixes from 12.0p125 (see release note) | |
| 12.0p7135 | GRD-100475 | Tenable Scan - protobuf rpm update | CVE-2022-1941 |
| | GRD-100563 | Tenable Scan - git rpm update | CVE-2024-52005, CVE-2025-46835, CVE-2024-50349, CVE-2025-27614, CVE-2025-27613, CVE-2024-52006, CVE-2025-48385, CVE-2025-48384 |
| | GRD-111470 | PSIRT: PVR0679977 issue with Azure Marketplace image | |
| | GRD-100564 | Tenable Scan - xdg-utils rpm update | CVE-2022-4055 |
| | GRD-100565 | Tenable Scan - podman rpm update | CVE-2025-27144, CVE-2025-22869 |
| | GRD-100567 | Tenable Scan - buildah rpm update | CVE-2025-27144, CVE-2025-22871 |
| | GRD-100807 | Tenable and Qualys Scan: expat rpm update | CVE-2024-8176 |
| | GRD-100808 | Tenable Scan - glibc rpm update | CVE-2025-0395 |
| | GRD-100813 | Tenable Scan - podman update | CVE-2025-22869, CVE-2025-22871, CVE-2025-6032 |
| | GRD-101785 | Qualys Scan: Vim rpm update | CVE-2023-4752 |
| | GRD-101791 | Qualys Scan: avahi rpm update | CVE-2024-52616, CVE-2024-52615 |
| | GRD-102092 | PSIRT: PVR0668193 - commons-beanutils-1.9.2.jar (Publicly disclosed vulnerability found by Mend) - Kafka | CVE-2025-48734 |
| | GRD-102363 | Qualys Scan: libxslt rpm update | CVE-2024-55549 |
| | GRD-105431 | PSIRT: PVR0656925 - cxf-core-3.5.10.jar (Publicly disclosed vulnerability found by Mend) | CVE-2025-48795 |
| | GRD-105434 | PSIRT: PVR0657625 - reactor-netty-http-1.0.7.jar (Publicly disclosed vulnerability found by Mend) | CVE-2025-22227 |
| | GRD-105437 | Tenable Scan - glib2 rpm update | CVE-2024-52533, CVE-2025-4373 |
| | GRD-105440 | Tenable Scan - socat rpm update | CVE-2024-54661 |
| | GRD-105443 | Tenable Scan - glibc rpm update | CVE-2025-4802, CVE-2025-5702, CVE-2025-8058 |
| | GRD-105449 | PSIRT: PVR0656083 - commons-lang-2.3.jar (Publicly disclosed vulnerability found by Mend) | CVE-2025-48924 |
| | GRD-105452 | Tenable Scan - perl-FCGI update | CVE-2025-40907 |
| | GRD-105457 | PSIRT: PVR0657567 - nimbus-jose-jwt-9.38.jar (Publicly disclosed vulnerability found by Mend) | CVE-2025-53864 |
| | GRD-105463 | Tenable Scan - python3 rpm update | CVE-2025-4138, CVE-2025-4435, CVE-2025-4330, CVE-2025-4517, CVE-2024-12718, CVE-2024-11168, CVE-2024-9287 |
| | GRD-105470 | Tenable Scan - python3-setuptools rpm update | CVE-2025-47273 |
| | GRD-105474 | Tenable Scan - jq rpm update | CVE-2025-48060, CVE-2024-23337 |
| | GRD-105482 | Tenable Scan - libxml2 rpm update | CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-7425 |
| | GRD-105540 | Tenable Scan - kernel rpm update | CVE-2025-21999, CVE-2025-21979, CVE-2025-21969, CVE-2025-37750, CVE-2025-21961, CVE-2025-21963, CVE-2025-23150, CVE-2025-21883, CVE-2025-22104, CVE-2025-37738, CVE-2023-52933, CVE-2025-21759, CVE-2025-22004, CVE-2025-37799, CVE-2025-21887, CVE-2025-21991, CVE-2024-58002, CVE-2025-38089, CVE-2025-21926, CVE-2025-22055, CVE-2025-37785, CVE-2025-37943, CVE-2025-21920, CVE-2025-21997, CVE-2023-52623, CVE-2024-26638, CVE-2024-41042, CVE-2024-58099, CVE-2023-52662, CVE-2024-35847, CVE-2024-26669, CVE-2024-36917, CVE-2024-56615, CVE-2024-35838, CVE-2024-26939, CVE-2025-21764, CVE-2024-36940, CVE-2024-36006, CVE-2022-49846, CVE-2024-35924, CVE-2024-35807, CVE-2024-43880, CVE-2024-41097, CVE-2023-52477, CVE-2023-52565, CVE-2024-39471, CVE-2024-26717, CVE-2024-41092, CVE-2023-52781, CVE-2023-52595, CVE-2024-35790, CVE-2024-46826, CVE-2024-56614, CVE-2025-22126, CVE-2023-52834, CVE-2025-38110, CVE-2025-22121, CVE-2025-38086, CVE-2024-57980, CVE-2025-22085, CVE-2025-37797, CVE-2025-22091, CVE-2025-37958, CVE-2025-37890, CVE-2025-21727, CVE-2025-22020, CVE-2025-21928, CVE-2025-21929, CVE-2022-49788, CVE-2025-21962, CVE-2025-38052, CVE-2025-21905, CVE-2025-22113, CVE-2025-38087, CVE-2021-47527, CVE-2022-48669, CVE-2022-49395, CVE-2022-49788, CVE-2023-52451, CVE-2023-52764, CVE-2023-52877, CVE-2024-26659, CVE-2024-26934, CVE-2024-26964, CVE-2024-27059, CVE-2024-36945, CVE-2024-43888, CVE-2025-21919, CVE-2022-3424, CVE-2024-58005, CVE-2024-58007, CVE-2024-58069, CVE-2025-21633, CVE-2025-21927, CVE-2025-21993, CVE-2025-21756, CVE-2025-21966, CVE-2025-37749, CVE-2025-21964 |
| | GRD-105541 | Tenable Scan - xorg-x11-server update | CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180 |
| | GRD-105543 | Tenable Scan - iputils rpm update | CVE-2025-47268 |
| | GRD-105544 | Tenable Scan - krb5-libs rpm update | CVE-2025-3576 |
| | GRD-105546 | Tenable Scan - pam rpm update | CVE-2025-6020 |
| | GRD-105548 | Tenable Scan - sudo rpm update | CVE-2025-32462 |
| | GRD-105553 | Tenable Scan - libarchive rpm update | CVE-2025-25724 |
| | GRD-105564 | Tenable Scan - microcode_ctl update | CVE-2025-20623, CVE-2025-24495, CVE-2024-28956, CVE-2025-20012, CVE-2024-43420, CVE-2024-45332 |
| | GRD-105655 | PSIRT: PVR0659972 - MySQL Server July 2025 CPU | CVE-2024-37891, CVE-2025-50076, CVE-2025-50077, CVE-2025-50078, CVE-2025-50079, CVE-2025-50080, CVE-2025-50082, CVE-2025-50083, CVE-2025-50084, CVE-2025-50085, CVE-2025-50086, CVE-2025-50087, CVE-2025-50088, CVE-2025-50089, CVE-2025-50091, CVE-2025-50092, CVE-2025-50093, CVE-2025-50094, CVE-2025-50095, CVE-2025-50096, CVE-2025-50097, CVE-2025-50098, CVE-2025-50099, CVE-2025-50100, CVE-2025-50101, CVE-2025-50102, CVE-2025-50103, CVE-2025-50104, CVE-2025-53023, CVE-2025-53032, CVE-2025-5399 |
| | GRD-106825 | Tenable Scan - sqlite-libs rpm update | CVE-2025-6965 |
| | GRD-107947 | PSIRT: PVR0659972 - MySQL Server July 2025 CPU | CVE-2024-37891, CVE-2025-50076, CVE-2025-50077, CVE-2025-50078, CVE-2025-50079, CVE-2025-50080, CVE-2025-50082, CVE-2025-50083, CVE-2025-50084, CVE-2025-50085, CVE-2025-50086, CVE-2025-50087, CVE-2025-50088, CVE-2025-50089, CVE-2025-50091, CVE-2025-50092, CVE-2025-50093, CVE-2025-50094, CVE-2025-50095, CVE-2025-50096, CVE-2025-50097, CVE-2025-50098, CVE-2025-50099, CVE-2025-50100, CVE-2025-50101, CVE-2025-50102, CVE-2025-50103, CVE-2025-50104, CVE-2025-53023, CVE-2025-53032, CVE-2025-5399 |
| | GRD-109346 | PSIRT: PVR0664972 - netty-codec-http2-4.1.110.Final.jar (Publicly disclosed vulnerability found by Mend) | CVE-2025-55163 |
| | GRD-109645 | SE - Nessus - RHEL 9 : httpd (RHSA-2025:15023) | CVE-2024-47252, CVE-2025-23048, CVE-2025-49812 |
| | GRD-109908 | PSIRT: PVR0498314 - easy-rules-mvel-3.2.0.jar (Publicly disclosed vulnerability found by Mend) | CVE-2023-50571 |
| | GRD-110658 | SE - Nessus - RHEL 9 : podman (RHSA-2025:15900) | CVE-2025-9566 |
| | GRD-110752 | SE - Nessus - RHEL 9 : gnutls (RHSA-2025:16116) | CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395 |
| | GRD-111590 | PSIRT: PVR0669678, PVR0669059 - netty-codec-4.1.119.Final.jar (Publicly disclosed vulnerability found by Mend) | CVE-2025-58057 |
| | GRD-112516 | SE - Nessus - RHEL 9 : libssh (RHSA-2025:18275) | CVE-2025-5318 |
| | GRD-113790 | SE - Nessus - RHEL 9 : xorg-x11-server update (Moderate) (RHSA-2025:19433) | CVE-2025-62229, CVE-2025-62230, CVE-2025-62231 |
| | GRD-114625 | SE - Nessus - RHEL 9 : sqlite (RHSA-2025:20936) | CVE-2025-6965 |
| | GRD-114629 | SE - Nessus - RHEL 9 : sssd (RHSA-2025:20954) | CVE-2025-11561 |
 
 
Known issues

This patch contains the following known issues. 

Issue key and summary
GRD-100626

When you upgrade your environment from any Guardium version 12.0 release to Guardium version 12.1, the following CLI values are not retained and must be set again.

store account lockout
store account strike count
store account strike interval
store account strike max
store log external gdm_error
store pdf-config size
store stap network_latency
store timeout classifier sample_query
store antlr3_remove_comments
store system classifier profile small
store system snif-alerts-facility
store log classifier level
store aggregator static_data
support store snif-debug
store pdf-config multilanguage_support
support store tcpdump
support logrotate message

GRD-105774

When you restore your environment from Guardium version 12.0p7135 release to Guardium version 12.2, the following CLI values are not retained and must be set again.

store account lockout
store account strike count
store account strike interval
store account strike max
store system snif-thread-number
store maximum query duration
store pdf-config size
store remotelog max_message_size
store stap network_latency
store timeout fileserver_session
store timeout db_connection
store timeout classifier count_query
store timeout classifier sample_query
store allow_reinstall
store system classifier profile
store system snif-alerts-facility
store log classifier level
store system time_server state
store aggregator static_data
store monitor custom_db_usage
store pdf-config multilanguage_support
store system service disable guard-insights
store system sshd-max-connection

GRD-112146

When you upgrade your central manager from Guardium 12.0p125 (see release notes) to Guardium 12.0p7135, the Kafka clusters stop functioning correctly. The issue was traced to the Kafka Cruise Control not receiving new certificates promptly, causing authentication failures.  

Workaround: After installing 12.0p7135, manually restart the Kafka cluster from the Kafka cluster management page.

GRD-121734

Initial Kafka cluster creation may fail for new customers trying universal connector 2.0 for the first time. If this occurs, restart the Kafka cluster to resolve the issue. This does not affect existing universal connector 2.0 customers.
 
 
 


Document Information

Modified date:
12 March 2026

UID

ibm17263178