Cross-Site Scripting Vulnerabilities in IBM Global Console Manager Switches
CVE-2014-3080
Currently unrated
Key Information:
- Vendor: IBM
- CVE Published: 17 August 2014
Summary
IBM Global Console Manager switches, specifically the GCM16 and GCM32 models with firmware versions prior to 1.20.20.23447, exhibit multiple cross-site scripting vulnerabilities. These flaws allow remote attackers to inject arbitrary web scripts or HTML through manipulation of the query string in 'kvm.cgi' or the 'key' parameter in 'avctalert.php'. This could lead to unauthorized actions performed in the context of the user's session, exposing sensitive information or allowing for further attacks.
EPSS Score
7% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved