[VIM] IBM GCM16/32 v1.20.0.22575 vulnerabilities
George Theall
gtheall at tenable.com
Mon Jul 21 19:47:53 CDT 2014
In a post to Full Disclosure (http://seclists.org/fulldisclosure/2014/Jul/113), Alejandro Alvarez today references CVE-2014-2085 for a remote code execution vulnerability in IBM GCM KVM switch. That’s been rejected by Mitre and the underlying issue merged into CVE-2014-2084 "because it is the same type of vulnerability and affects the same versions.” And CVE-2014-2084 is for multiple information disclosure vulnerabilities in Skybox View Appliances.
It looks like SecurityFocus merged the IBM GCM KVM switch issue into BID 67352 today. Other than referencing CVE-2014-2085, the issues covered by the BID seem totally unrelated to the RCE reported today by Alvarez. Himanshu / Dinesh / Narayan / Venkat / Rob : would you explain the thinking behind this merge?
George
--
theall at tenable.com
More information about the VIM
mailing list