CVE-2014-3081

Published: Aug 17, 2014Modified: May 6, 2026

6.3

Vector

AV:N/AC:M/Au:S/C:C/I:N/A:N

Exploitability: 6.8 / Impact: 6.9

Source: NVD

Description

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.

Affected (2)

Products: Ibm: Global Console Manager 16 Firmware, Global Console Manager 32 Firmware

Ibm

2 products

Global Console Manager 16 Firmware

Global Console Manager 32 Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Global Console Manager 16 Firmware	Up to 1.20.0.22575
Ibm Global Console Manager 32 Firmware	Up to 1.20.0.22575

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html

Source: psirt@us.ibm.com

Exploit

http://seclists.org/fulldisclosure/2014/Jul/113

Source: psirt@us.ibm.com

http://www.exploit-db.com/exploits/34132/

Source: psirt@us.ibm.com

Exploit

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/93930

Source: psirt@us.ibm.com

http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html