Published: 17/08/2014 Updated: 29/08/2017

CVSS v2 Base Score: 6.3 | Impact Score: 6.9 | Exploitability Score: 6.8

VMScore: 635

Vector: AV:N/AC:M/Au:S/C:C/I:N/A:N

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware prior to 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm global console manager 32 firmware
ibm global console manager 16 firmware

*Product description* The IBM 1754 GCM family provides KVM over IP and serial console management technology in a single appliance Versions v120022575 and prior are vulnerables Note that this vulnerability is also present in some DELL and probably other vendors of this rebranded KVM I contacted Dell but no response has been received *1 ...

The IBM 1754 GCM KVM suffers from code execution, arbitrary file read, and cross site scripting vulnerabilities Versions 120022575 and below are vulnerable ...

CWE-200 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983 http://www.exploit-db.com/exploits/34132/http://seclists.org/fulldisclosure/2014/Jul/113 http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html https://exchange.xforce.ibmcloud.com/vulnerabilities/93930 https://nvd.nist.gov https://www.exploit-db.com/exploits/34132/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3081

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect