CVE-2014-3081
IBM Global Console Manager 16 Firmware - Information Disclosure
Title source: ruleDescription
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Alejandro Alvarez Bravo · textremotephp
https://www.exploit-db.com/exploits/34132
References (5)
Core 5
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/34132/
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jul/113
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/93930
Scores
EPSS
0.1080
EPSS Percentile
93.4%
Details
CWE
CWE-200
Status
published
Products (2)
ibm/global_console_manager_16_firmware
< 1.20.0.22575
ibm/global_console_manager_32_firmware
< 1.20.0.22575
Published
Aug 17, 2014
Tracked Since
Feb 18, 2026