CVE-2026-12628
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential embedded in multiple authentication code paths, and does not properly validate authentication responses, which may allow an unauthenticated attacker to establish a trusted session and access protected services. This vulnerability affects client components across multiple versions and may allow an attacker to impersonate legitimate clients, potentially leading to unauthorized access to system resources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Storage Protect Client | 8.1.0.0 <= 8.2.1.0 | affected |
| IBM | Storage Protect Snapshot For Windows | 8.1.0.0 <= 8.2.1.0 | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
Workarounds
The remaining PVRs for other platforms are classified with a low severity score and will be addressed in an upcoming release.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.