Qconvergeconslole Gui

qconvergeconslole_gui

Vendor: Marvell • 2 CVEs

CVEs (2)

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

1Marvell

1Qconvergeconslole Gui

Nov 21, 2024

Jan 8, 2021

N/A· v4

8.8 HIGH· v3

9.0 HIGH· v2

In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.

1Marvell

1Qconvergeconslole Gui

Nov 21, 2024

Jan 8, 2021

N/A· v4

8.1 HIGH· v3

8.5 HIGH· v2

Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in f...Show more

Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.Show less