Zero Day MonitorZDM

← Back to list

7.6

CVE-2025-13855PATCHED

ibm · storage protect server

IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

Description

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Affected Products

Vendor	Product	Versions
ibm	storage protect server	8.2.0

References

https://www.ibm.com/support/pages/node/7267783(vendor-advisory, patch)

Related News (1 articles)

Tier C

VulDB15h ago

CVE-2025-13855 | IBM Storage Protect Server/Storage Protect Plus Server sql injection

→ No new info (linked only)

CVSS 3.17.6 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://www.ibm.com/support/pages/node/7267783

CWECWE-89

PublishedApr 1, 2026

Last enriched15h agov2

Tags

CVE-2025-13855

Trending Score26

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

Multiple Vulnerabilities in IBM Security Verify Access Allowing Privilege Escalation, Code Execution, and Data Exposure

NONECVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(),

HIGHCVE-2025-36258

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.

MEDIUMCVE-2025-14807

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct

MEDIUMCVE-2025-13490

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: severity, tags

Apr 1, 2026

Patch Available

Apr 1, 2026

Version History

v2

Last enriched 15h ago

v2Tier C15h ago

Updated severity to CRITICAL, marked exploit as unavailable, and added CVE-2025-13855 tag.

severitytags

via VulDB

v116h ago

Initial creation