Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:marvell:qconvergeconslole_gui:5.5.0.74:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-5805 |
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC. Published: January 08, 2021; 11:15:15 AM -0500 |
V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2020-5804 |
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root. Published: January 08, 2021; 11:15:15 AM -0500 |
V3.1: 8.1 HIGH V2.0: 8.5 HIGH |