Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)

Summary GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. ...

Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)

Summary IBM GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a...

Security Bulletin: A vulnerability in OpenSSL affects GCM16 & GCM32 KVM Switch Firmware (CVE-2019-1551)

Summary IBM GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerability in OpenSSL. Vulnerability Details CVEID: CVE-2019-1551 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x6464 Montgomery squaring procedure used...

Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware

Summary IBM GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing...

Security Bulletin: Vulnerabilities in OpenSSL affect LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by LCM8 and LCM16 KVM Switch Firmware and GCM16 and GCM32 KVM Switch Firmware. LCM8 and LCM16 KVM Switch Firmware and GCM16 and GCM32 KVM Switch Firmware have addressed the applicable CVEs...

Security Bulletin: Vulnerability in OpenSSL affects LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware (CVE-2016-8610)

Summary LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerability in OpenSSL. Vulnerability Details Summary LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerability in OpenSSL...

Security Bulletin: Three potential vulnerabilities in IBM GCM16/GCM32 Global Console Managers (CVE-2014-3085, CVE-2014-3081, CVE-2014-3080)

Summary Three potential vulnerabilities have been discovered in IBM GCM16/GCM32 Global Console Manager KVM Switches Vulnerability Details Abstract Three potential vulnerabilities have been discovered in IBM GCM16/GCM32 Global Console Manager KVM Switches Content Vulnerability Details: CVE ID:...

CVE-2014-3085

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter...

CVE-2014-3080

Multiple cross-site scripting XSS vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to kvm.cgi or 2 the key parameter to avctalert.php...

CVE-2014-3081

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter...

Code injection

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to kvm.cgi or 2 the key parameter to avctalert.php...

Code injection

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter...

CVE-2014-3081

CVE-2014-3081 affects IBM Global Console Manager switches (GCM16/GCM32). The vulnerability allows a remote authenticated user to read arbitrary files via the filename parameter in prodtest.php, on firmware versions prior to 1.20.20.23447. IBM’s security bulletin confirms this issue and provides t...

CVE-2014-3085

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter...

CVE-2014-3080

What’s affected: IBM Global Console Manager switches GCM16/GCM32 (firmware 1.20.0.22575 and earlier). Vulnerability type: Cross-site scripting (XSS) due to improper input validation. Where it lies: Web interface via vulnerable endpoints (kvm.cgi query string, avctalert.php key parameter). Impact:...

CVE-2014-3085

Affected product : IBM Global Console Manager switches (GCM16 and GCM32). Version impact : firmware versions prior to 1.20.20.23447 are affected. Vulnerability : CVE-2014-3085 — Improper handling in systest.php allows a remote authenticated attacker to execute arbitrary commands via shell metacha...

CVE-2014-3080

Multiple cross-site scripting XSS vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to kvm.cgi or 2 the key parameter to avctalert.php...

CVE-2013-0526

The CVE-2013-0526 entry details a remote code execution vulnerability in IBM 1754 GCM16/GCM32 KVM switches (firmware

IBM GCM16/GCM32 Default Credentials (HTTP)

The remote IBM GCM16 or GCM32 KVM is using known default credentials. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...