Unrated severityNVD Advisory· Published Aug 17, 2014· Updated Jun 17, 2026
CVE-2014-3080
CVE-2014-3080
Description
Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:o:ibm:global_console_manager_16_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:ibm:global_console_manager_16_firmware:*:*:*:*:*:*:*:*range: <=1.20.0.22575
- (no CPE)range: <1.20.20.23447
- cpe:2.3:o:ibm:global_console_manager_32_firmware:*:*:*:*:*:*:*:*Range: <=1.20.0.22575
Patches
Vulnerability mechanics
References
6- www.exploit-db.com/exploits/34132/nvdExploit
- www.securityfocus.com/bid/68777nvdExploit
- www.ibm.com/support/entry/portal/docdisplaynvdVendor Advisory
- packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.htmlnvd
- seclists.org/fulldisclosure/2014/Jul/113nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/93929nvd
News mentions
0No linked articles in our index yet.