Skip to main content

Storage Protect Snapshot For Windows

1 CVEs product

Monthly

CVE-2026-12628 CRITICAL PATCH Act Now

Authentication bypass in IBM Storage Protect Client and IBM Storage Protect Snapshot for Windows (versions 8.1.0.0 through 8.2.1.0) allows remote unauthenticated attackers to impersonate legitimate clients via hardcoded credentials embedded in the FlashCopy Manager (FCM) authentication mechanism. The flaw, classified as CWE-798 with a CVSS 9.1 critical rating, enables attackers to establish trusted sessions and access protected backup services. There is no public exploit identified at time of analysis, and EPSS rates real-world exploitation probability at 0.33% (24th percentile), but IBM has released a vendor advisory and patch.

IBM Microsoft Authentication Bypass Storage Protect Client Storage Protect Snapshot For Windows
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Authentication bypass in IBM Storage Protect Client and IBM Storage Protect Snapshot for Windows (versions 8.1.0.0 through 8.2.1.0) allows remote unauthenticated attackers to impersonate legitimate clients via hardcoded credentials embedded in the FlashCopy Manager (FCM) authentication mechanism. The flaw, classified as CWE-798 with a CVSS 9.1 critical rating, enables attackers to establish trusted sessions and access protected backup services. There is no public exploit identified at time of analysis, and EPSS rates real-world exploitation probability at 0.33% (24th percentile), but IBM has released a vendor advisory and patch.

IBM Microsoft Authentication Bypass +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy