Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5805 | 1 Marvell | 1 Qconvergeconslole Gui | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC. | |||||
CVE-2020-5804 | 1 Marvell | 1 Qconvergeconslole Gui | 2024-02-28 | 8.5 HIGH | 8.1 HIGH |
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root. |