CVE-2026-12628— IBM Storage Protect Snapshot Windows 硬编码凭据导致越权
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-12628 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential embedded in multiple authentication code paths, and does not properly validate authentication responses, which may allow an unauthenticated attacker to establish a trusted session and access protected services. This vulnerability affects client components across multiple versions and may allow an attacker to impersonate legitimate clients, potentially leading to unauthorized access to system resources.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
使用硬编码的凭证
来源: 美国国家漏洞数据库 NVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| IBM | Storage Protect Client | 8.1.0.0 ~ 8.2.1.0 | cpe:2.3:a:ibm:storage_protect_client:8.1.0.0:*:*:*:*:*:*:* | |
| IBM | Storage Protect Snapshot For Windows | 8.1.0.0 ~ 8.2.1.0 | cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:8.1.0.0:*:*:*:*:*:*:* |
二、漏洞 CVE-2026-12628 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-12628 的情报信息
请登录查看更多情报信息。
CVE-2026-12628 其他参考 (1)
同批安全公告 · IBM · 2026-06-22 · 共 21 条
| CVE-2026-10561 | 10.0 CRITICAL | Langflow OSS PythonREPLComponent 远程代码执行漏洞 |
| CVE-2026-7664 | 9.8 CRITICAL | Langflow OSS Webhook端点未授权流程执行漏洞 |
| CVE-2026-9072 | 8.1 HIGH | IBM WebSphere Application Server Liberty拒绝服务、HTTP请求走私及远程代码执行漏洞 |
| CVE-2026-9071 | 7.5 HIGH | IBM WebSphere Application Server 不受控资源消耗漏洞 |
| CVE-2026-8858 | 7.5 HIGH | IBM WebSphere Application Server Liberty 远程代码执行漏洞 |
| CVE-2026-9006 | 7.4 HIGH | IBM WebSphere Application Server 服务端请求伪造漏洞 |
| CVE-2026-8646 | 7.4 HIGH | IBM WebSphere Application Server 多个漏洞 |
| CVE-2024-54178 | 6.5 MEDIUM | IBM Db2 on Cloud Pak for Data 多个漏洞 |
| CVE-2024-51454 | 6.5 MEDIUM | IBM Engineering Workflow Management 主机头注入漏洞 |
| CVE-2026-8059 | 6.1 MEDIUM | IBM Datacap 多个漏洞 |
| CVE-2025-2669 | 6.0 MEDIUM | IBM Db2 on Cloud Pak for Data 多个漏洞 |
| CVE-2026-9320 | 5.9 MEDIUM | IBM WebSphere Application Server 多种漏洞 |
| CVE-2026-10852 | 5.9 MEDIUM | IBM WebSphere Liberty拒绝服务漏洞 |
| CVE-2026-8636 | 5.5 MEDIUM | IBM Datacap 多个漏洞 |
| CVE-2026-11372 | 5.4 MEDIUM | IBM TRIRIGA 跨站脚本漏洞 |
| CVE-2025-33128 | 5.4 MEDIUM | IBM Engineering Lifecycle Management 远程代码执行漏洞 |
| CVE-2023-33854 | 5.3 MEDIUM | IBM Db2 Cloud Pak for Data 多个漏洞 |
| CVE-2026-7253 | 5.3 MEDIUM | IBM Sterling File Gateway SSRF漏洞 |
| CVE-2026-9610 | 2.3 LOW | IBM Datacap 多个漏洞 |
| CVE-2026-10845 | IBM WebSphere Application Server 身份验证绕过漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2026-12628
暂无评论