Alejandro Alvarez Bravo

**Name of the Vulnerable Software and Affected Versions** IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 **Description** The issue allows remote authenticated users to read arbitrary files. This is achieved via the `filename` parameter in the prodtest.php file. **Recommendations** For firmware versions before 1.20.20.23447, update the firmware to version 1.20.20.23447 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the `lpres` parameter in the systest.php file. **Recommendations** For IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447, update the firmware to version 1.20.20.23447 or later to resolve the issue. As a temporary workaround, consider restricting access to the systest.php file to minimize the risk of exploitation. Avoid using the `lpres` parameter in the affected file until the issue is resolved.