Vulnerabilities (CVE)

Filtered by vendor Marvell Subscribe
Filtered by product Qconvergeconslole Gui
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5805 1 Marvell 1 Qconvergeconslole Gui 2024-02-28 9.0 HIGH 8.8 HIGH
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
CVE-2020-5804 1 Marvell 1 Qconvergeconslole Gui 2024-02-28 8.5 HIGH 8.1 HIGH
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.