Vulnerabilities > IBM > Global Console Manager 32 Firmware > 1.20.0.22575

DATE CVE VULNERABILITY TITLE RISK
2014-08-17 CVE-2014-3085 OS Command Injection vulnerability in IBM products
systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.
network
high complexity
ibm CWE-78
7.1
7.1
2014-08-17 CVE-2014-3081 Information Exposure vulnerability in IBM products
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
network
ibm CWE-200
6.3
6.3
2014-08-17 CVE-2014-3080 Cross-Site Scripting vulnerability in IBM products
Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php.
network
ibm CWE-79
4.3
4.3