CVE-2026-13473

IBM · Storage Protect Client

IBM Storage Protect Client contains a security vulnerability that may allow an unauthenticated attacker to impact system confidentiality, integrity, and availability.

Executive summary

A high-severity vulnerability in IBM Storage Protect Client versions 8.1.x and 8.2.x could allow remote attackers to compromise the security of the backup infrastructure.

Vulnerability

This vulnerability allows for remote exploitation by an unauthenticated attacker. The flaw carries a CVSS score of 8.1, indicating that it could lead to severe consequences if successfully triggered.

Business impact

The compromise of a storage protection client can lead to unauthorized access to sensitive backup data, potential modification of backups, or the disruption of data recovery services. Given the critical role of storage protection in disaster recovery, this vulnerability poses a severe threat to business continuity and data security.

Remediation

Immediate Action: Upgrade the IBM Storage Protect Client to version 8.2.1.2 according to the vendor-provided upgrade path and instructions.

Proactive Monitoring: Monitor backup client logs for unusual activity or unexpected connection attempts from unauthorized sources.

Compensating Controls: Isolate the storage management network and implement strict firewall rules to ensure that only authorized backup servers can communicate with the clients.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Organizations relying on IBM Storage Protect Client should initiate the update process immediately to version 8.2.1.2. Failure to update leaves backup infrastructure vulnerable to remote exploitation, potentially impacting the reliability of the entire backup strategy.