Vulnerability Description
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Global Console Manager 16 Firmware | <= 1.20.0.22575 |
| Ibm | Global Console Manager 32 Firmware | <= 1.20.0.22575 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-FileExploit
- http://seclists.org/fulldisclosure/2014/Jul/113
- http://www.exploit-db.com/exploits/34132/Exploit
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93930
- http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-FileExploit
- http://seclists.org/fulldisclosure/2014/Jul/113
- http://www.exploit-db.com/exploits/34132/Exploit
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93930
FAQ
What is CVE-2014-3081?
CVE-2014-3081 is a vulnerability with a CVSS score of 6.3 (MEDIUM). prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
How severe is CVE-2014-3081?
CVE-2014-3081 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3081?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Global Console Manager 16 Firmware, Ibm Global Console Manager 32 Firmware.