CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Description
IBM Storage Protect Server 8.2.0 and IBM Storage Protect Plus Server are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
Analysis
SQL injection in IBM Storage Protect Server 8.2.0 and Storage Protect Plus Server allows authenticated remote attackers to execute arbitrary SQL commands against the back-end database, enabling unauthorized data access, modification, or deletion. The vulnerability requires low attack complexity and low-level privileges (CVSS 7.6, PR:L), making it exploitable by any authenticated user. No public exploit identified at time of analysis, though SQL injection techniques are well-documented. EPSS data not provided, but SQL injection vulnerabilities historically see moderate exploitation rates when authentication barriers are low.
Technical Context
This is a classic SQL injection vulnerability (CWE-89) affecting IBM Storage Protect Server version 8.2.0 and the IBM Storage Protect Plus Server product line. SQL injection occurs when user-supplied input is improperly sanitized before being incorporated into SQL queries, allowing attackers to inject malicious SQL statements that the database executes with the application's privileges. The affected products are enterprise-class data protection and backup solutions that maintain critical metadata and configuration data in relational databases. The CVSS vector indicates network-accessible exploitation (AV:N) with no user interaction required (UI:N), suggesting the vulnerable SQL interface is exposed through an API, web interface, or management console accessible to authenticated users. The low attack complexity (AC:L) indicates no special conditions are required beyond valid credentials, meaning standard SQL injection techniques apply without need for race conditions, timing attacks, or complex preconditions.
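The CWE-89 pattern described above, shown as an added example against an in-memory SQLite table that stands in for a backup server's metadata. This is illustrative code written for this page, not IBM's code or schema; the table, column names and the `compare` helper are constructed for the demonstration. The vulnerable function concatenates caller input into the statement text, the hardened one binds it as a parameter, and the same input produces different results from each.

```python
import sqlite3


# Constructed in-memory table standing in for the metadata a backup server keeps.
# Illustration of CWE-89 only; not IBM Storage Protect's schema or code.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE nodes (name TEXT, owner TEXT, platform TEXT)")
    conn.executemany(
        "INSERT INTO nodes VALUES (?, ?, ?)",
        [("db01", "alice", "linux"), ("fs02", "alice", "windows"), ("mail03", "bob", "linux")],
    )
    return conn


def query_nodes_vulnerable(conn, owner, name):
    """Looks up a user's node by name, building the statement by concatenation.

    The caller's input becomes part of the SQL text, so a value containing a
    quote can close the literal and append its own clause (CWE-89).
    """
    sql = "SELECT name FROM nodes WHERE owner = '" + owner + "' AND name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def query_nodes_hardened(conn, owner, name):
    """Same lookup with bound parameters: the driver passes values separately
    from the statement text, so input is only compared, never parsed as SQL."""
    sql = "SELECT name FROM nodes WHERE owner = ? AND name = ?"
    return sorted(row[0] for row in conn.execute(sql, (owner, name)))


def compare(name):
    """Runs both variants for user alice with the same name input and returns
    what each discloses, so the effect of parameter binding is visible."""
    conn = build_db()
    return {
        "vulnerable": query_nodes_vulnerable(conn, "alice", name),
        "hardened": query_nodes_hardened(conn, "alice", name),
    }


if __name__ == "__main__":
    print(compare("db01"))
    # Input that closes the string literal and appends a tautology: the
    # vulnerable variant returns every row, the hardened one returns nothing.
    print(compare("x' OR '1'='1"))
```

With a legitimate name both functions return the same single row; with the tautology input the concatenated query's WHERE clause collapses to `(... AND name = 'x') OR '1'='1'` and discloses rows owned by other users, while the parameterized query simply finds no node with that literal name.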
Affected Products
The vulnerability affects IBM Storage Protect Server version 8.2.0 and IBM Storage Protect Plus Server, as identified by CPE string cpe:2.3:a:ibm:storage_protect_server:*:*:*:*:*:*:*:*. IBM Storage Protect (formerly Tivoli Storage Manager) is an enterprise data protection platform used for backup, archive, and disaster recovery across physical, virtual, and cloud environments. The advisory indicates version 8.2.0 is specifically vulnerable, though the CPE wildcard notation suggests potential impact across multiple versions within the 8.2.x line. Complete version range details and whether Storage Protect Plus is affected across all versions or specific releases should be confirmed via the vendor security bulletin at https://www.ibm.com/support/pages/node/7267783.
Remediation
Apply the vendor-released patch available through IBM Support as documented in security bulletin https://www.ibm.com/support/pages/node/7267783. Organizations should immediately review the advisory to identify the specific patched version for IBM Storage Protect Server 8.2.x and Storage Protect Plus Server, then schedule emergency maintenance windows to deploy updates to production backup infrastructure. As an interim mitigation before patching, restrict network access to Storage Protect management interfaces using firewall rules or network segmentation to limit exposure to trusted administrative networks only, implement strict authentication controls with multi-factor authentication where supported, monitor database query logs for SQL injection patterns (excessive UNION statements, comment sequences, time-based delays), and review user account privileges to ensure least-privilege access principles. Given the data sensitivity of backup infrastructure, organizations should audit recent database access logs for suspicious queries that may indicate exploitation attempts or successful compromise prior to remediation.
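The query-log monitoring suggested in the remediation (UNION statements, comment sequences, time-based delays), as an added example that is not part of the advisory or of any IBM tooling. The log line format (`timestamp user=... src=... sql=...`), the sample lines and the indicator patterns are constructed for this example; a real deployment would adapt the parser to the database's actual audit log format and tune the per-user UNION threshold.

```python
import re
from collections import Counter

# Constructed query-log lines in a simple key=value layout. The format is an
# assumption for this example, not Storage Protect's real log output.
SAMPLE_LOG = [
    "2025-01-01T12:00:01Z user=alice src=10.0.0.5 sql=SELECT name FROM nodes WHERE owner = 'alice'",
    "2025-01-01T12:00:07Z user=bob src=10.0.0.9 sql=SELECT name FROM nodes WHERE name = 'x' UNION SELECT owner FROM nodes --",
    "2025-01-01T12:00:09Z user=bob src=10.0.0.9 sql=SELECT name FROM nodes WHERE name = 'x' UNION ALL SELECT platform FROM nodes /* probe */",
    "2025-01-01T12:00:15Z user=carol src=10.0.0.12 sql=SELECT name FROM nodes WHERE owner = 'carol' OR '1'='1'",
    "2025-01-01T12:00:20Z user=dave src=10.0.0.3 sql=SELECT name FROM nodes WHERE name = 'db01' AND SLEEP(5)",
    "garbage line that does not parse",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+sql=(?P<sql>.*)$")

# Indicator classes named in the remediation guidance. Each is a coarse,
# case-insensitive pattern meant for triage, not a parser for any SQL dialect.
INDICATORS = {
    "union_select": re.compile(r"\bUNION\b(?:\s+ALL)?\s+SELECT\b", re.I),
    "comment_sequence": re.compile(r"--|/\*"),
    # OR '1'='1' style tautology: same numeric literal on both sides of '='
    "tautology": re.compile(r"\bOR\s+'?(\d+)'?\s*=\s*'?\1'?", re.I),
    "time_delay": re.compile(r"\b(?:SLEEP|PG_SLEEP|BENCHMARK)\s*\(|\bWAITFOR\s+DELAY\b", re.I),
}


def classify(sql):
    """Returns the names of every indicator that matches the statement text."""
    return [name for name, rx in INDICATORS.items() if rx.search(sql)]


def scan_log(lines):
    """Parses each line and keeps those whose SQL matches at least one indicator.
    Malformed lines are skipped so a corrupt entry cannot stop the scan."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        hits = classify(m["sql"])
        if hits:
            findings.append({"ts": m["ts"], "user": m["user"], "src": m["src"], "indicators": hits})
    return findings


def excessive_union_users(lines, threshold=2):
    """Users whose UNION SELECT count reaches the threshold: a single UNION may be
    legitimate reporting, repeated ones from one account are worth a look."""
    counts = Counter(f["user"] for f in scan_log(lines) if "union_select" in f["indicators"])
    return sorted(user for user, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print("excessive UNION activity:", excessive_union_users(SAMPLE_LOG))
```

Run against the constructed lines, the scan flags four of the six entries and attributes two UNION-bearing statements to the same account, which is the kind of aggregation that separates a probing session from a one-off report query. Matching on indicators alone produces false positives on legitimate reporting SQL, so findings should be reviewed against the account's normal query profile rather than alerted on blindly.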
EUVD-2025-209149
GHSA-jj8c-ggwx-vfm9