Unrated severityNVD Advisory· Published Aug 17, 2014· Updated May 6, 2026

CVE-2014-3085

Description

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.

Affected products

IBM/Global Console Manager 16 Firmware
cpe:2.3:o:ibm:global_console_manager_16_firmware:*:*:*:*:*:*:*:*
Range: <=1.20.0.22575
IBM/Global Console Manager 32 Firmware
cpe:2.3:o:ibm:global_console_manager_32_firmware:*:*:*:*:*:*:*:*
Range: <=1.20.0.22575

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.htmlnvdExploit
www.exploit-db.com/exploits/34132/nvdExploit
www.ibm.com/support/entry/portal/docdisplaynvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/94091nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.013
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000