File Read Vulnerability in IBM Global Console Managers
CVE-2014-3081

Currently unrated

Key Information:

Vendor: IBM
Status: Global Console Manager 32 Firmware; Global Console Manager 16 Firmware
Vendor: CVE Published:; 17 August 2014

Summary

A vulnerability in the IBM Global Console Manager (GCM16 and GCM32) allows remote authenticated users to exploit the filename parameter in prodtest.php to read arbitrary files. This flaw, present in firmware versions before 1.20.20.23447, poses risks to sensitive data exposure and may facilitate further attacks on the affected systems.

References

http://packetstormsecurity.com/files/127543/IBM-1754-GCM-...

x_refsource_MISC

http://www.exploit-db.com/exploits/34132/

exploitx_refsource_EXPLOIT-DB

http://www.ibm.com/support/entry/portal/docdisplay?lndoci...

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 17, 2014
Vulnerability Reserved
Apr 29, 2014