EDB-34132
remotephpVERIFIED
IBM GCM16/32 1.20.0.22575 - Multiple Vulnerabilities
CVE-2014-3085CVE-2014-3081CVE-2014-3080
Alejandro Alvarez Bravo7/21/2014
CVE-2014-3080
NONEMultiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or H
Veröffentlicht: 8/17/2014Aktualisiert: 4/12/2025
Beschreibung
Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php.
KI-AnalyseKI-gestützt
Betroffene Produkte
ibmglobal_console_manager_16_firmware
ibmglobal_console_manager_32_firmware
Verfügbare Exploits (1)
Referenzen
- http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html
- http://seclists.org/fulldisclosure/2014/Jul/113
- http://www.exploit-db.com/exploits/34132/Exploit
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983Vendor Advisory
- http://www.securityfocus.com/bid/68777Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93929
- http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html
- http://seclists.org/fulldisclosure/2014/Jul/113
- http://www.exploit-db.com/exploits/34132/Exploit
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983Vendor Advisory
- http://www.securityfocus.com/bid/68777Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93929