CVE-2014-3080

2014-08-1723:55:06

CWE-79

ibm

web.nvd.nist.gov

ibm

gcm16

gcm32

xss

vulnerability

firmware

cve-2014-3080

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

60.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php.

Affected configurations

Nvd

Node

ibmglobal_console_manager_16_firmwareRange≤1.20.0.22575

ibmglobal_console_manager_32_firmwareRange≤1.20.0.22575

VendorProductVersionCPE
ibmglobal_console_manager_16_firmware*cpe:2.3:o:ibm:global_console_manager_16_firmware:*:*:*:*:*:*:*:*
ibmglobal_console_manager_32_firmware*cpe:2.3:o:ibm:global_console_manager_32_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	global_console_manager_16_firmware	*	cpe:2.3:o:ibm:global_console_manager_16_firmware::::::::
ibm	global_console_manager_32_firmware	*	cpe:2.3:o:ibm:global_console_manager_32_firmware::::::::