Storage Protect Snapshot For Windows
Monthly
Authentication bypass in IBM Storage Protect Client and IBM Storage Protect Snapshot for Windows (versions 8.1.0.0 through 8.2.1.0) allows remote unauthenticated attackers to impersonate legitimate clients via hardcoded credentials embedded in the FlashCopy Manager (FCM) authentication mechanism. The flaw, classified as CWE-798 with a CVSS 9.1 critical rating, enables attackers to establish trusted sessions and access protected backup services. There is no public exploit identified at time of analysis, and EPSS rates real-world exploitation probability at 0.33% (24th percentile), but IBM has released a vendor advisory and patch.
Authentication bypass in IBM Storage Protect Client and IBM Storage Protect Snapshot for Windows (versions 8.1.0.0 through 8.2.1.0) allows remote unauthenticated attackers to impersonate legitimate clients via hardcoded credentials embedded in the FlashCopy Manager (FCM) authentication mechanism. The flaw, classified as CWE-798 with a CVSS 9.1 critical rating, enables attackers to establish trusted sessions and access protected backup services. There is no public exploit identified at time of analysis, and EPSS rates real-world exploitation probability at 0.33% (24th percentile), but IBM has released a vendor advisory and patch.