Security Bulletin: Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system

Summary IBM Storage Protect Snapshot For Windows is affected by allowing a remote unauthenticated attacker to bypass authentication and gain SYSTEM-level access due to a hardcoded credential. Vulnerability Details CVEID:CVE-2026-12628 DESCRIPTION: IBM Storage Protect Client 8.1.0.0 through 8.2.1....

CVE-2026-12628

IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager FCM authentication mechanism. The application contains a...

CVE-2026-12628

CVE-2026-12628 affects IBM Storage Protect Client (8.1.0.0–8.2.1.0) and IBM Storage Protect Snapshot for Windows (8.1.0.0–8.2.1.0). The IBM security bulletin confirms a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism and multiple authentication code paths, enabling re...

CVE-2026-12628 Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system

IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager FCM authentication mechanism. The application contains a...

PT-2026-51331

Name of the Vulnerable Software and Affected Versions IBM Storage Protect Client versions 8.1.0.0 through 8.2.1.0 IBM Storage Protect Snapshot For Windows versions 8.1.0.0 through 8.2.1.0 Description An authentication bypass exists in the FlashCopy Manager FCM authentication mechanism. The...

Security Bulletin: IBM Storage Protect Operations Center is affected by vulnerabilities in the dojo-profile library that could allow prototype pollution or improper handling of crafted PNG inputs (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273).

Summary IBM Storage Protect Operations Center uses the dojo-profile library in certain components. Vulnerabilities in this library may allow prototype pollution or improper handling of specially crafted PNG files, which could lead to memory corruption or denial-of-service conditions in applicatio...

IBM Storage Protect Server SQL Injection Vulnerability

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

Security Bulletin:IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint (CVE-2025-13855).

Summary IBM Storage Protect Server provides a JSON-RPC endpoint through which authenticated users can execute backend SQL SELECT queries and access data from internal database tables, potentially exposing administrative metadata. Vulnerability Details CVEID:CVE-2025-13855 DESCRIPTION: IBM Storage...

CVE-2025-13855

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13855

IBM Storage Protect Server/IBM Storage Protect Plus Server (version 8.2.0) are affected by a SQL injection vulnerability (CVE-2025-13855) arising from lack of validation of externally supplied SQL statements. An attacker could remotely send crafted SQL to view, add, modify, or delete data in the ...

CVE-2025-13855 IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

PT-2026-29412

Name of the Vulnerable Software and Affected Versions IBM Storage Protect Server and IBM Storage Protect Plus Server versions 8.2.0 Description IBM Storage Protect Server and IBM Storage Protect Plus Server are susceptible to SQL injection. A remote attacker could submit crafted SQL statements,...

IBM Storage Protect Server SQL注入漏洞

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

Security Bulletin: Vulnerability in IBM Java, Websphere, OpenSSL, libcurl, and Apache Commons may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management

Summary IBM Spectrum Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management can be affected by logging and security vulnerabilities. This update improves reliability of Java object property handling, modern logging frameworks and...

Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in IBM SDK, Java Technology Edition that could allow denial-of-service or information exposure in applications using the affected Java components.

Summary IBM Storage Protect Server is affected by multiple vulnerabilities in IBM SDK, Java Technology Edition may allow attackers to exploit weaknesses in certain Java components. These issues could lead to denial-of-service conditions or unintended information exposure in applications that rely...

Security Bulletin:IBM Storage Protect Server is vulnerable to an unauthenticated attacker with network access via multiple protocols and TLS due to IBM SDK, Java (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925).

Summary IBM SDK, Java is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS, IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of...

Security Bulletin: IBM Storage Protect Operations Center is affected by a vulnerability in IBM WebSphere Application Server Liberty that could allow a security configuration attack (CVE-2025-12635).

Summary IBM Spectrum Protect Operations Center uses IBM WebSphere Application Server Liberty in certain components; a vulnerability in Liberty may allow a security configuration attack that could impact the security of the affected environment under specific conditions. Vulnerability Details...

Security Bulletin: IBM Storage Protect Server is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS due to IBM SDK, Java (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary IBM SDK, Java is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS, IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE,...

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the logback-core library that could lead to denial-of-service under specific conditions (CVE-2025-11226).

Summary IBM Storage Protect Server uses the logback-core library in certain components; the library is vulnerable to improper handling of certain inputs that could lead to denial-of-service under specific conditions. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in...

Security Bulletin:IBM Storage Protect Server is affected by a vulnerability in the Apache POI library that could lead to denial-of-service when processing specially crafted archive files (CVE-2019-12415).

Summary IBM Storage Protect Server uses the Apache POI library in certain components; this library is vulnerable to processing specially crafted archive files that may cause excessive memory allocation, potentially leading to a denial-of-service condition. Vulnerability Details CVEID:CVE-2019-124...