RSS   Vulnerabilities for 'Qconvergeconslole gui'   RSS

2021-01-08
 
CVE-2020-5805

CWE-312
 

 
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.

 
 
CVE-2020-5804

CWE-22
 

 
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.

 

 >>> Vendor: Marvell 28 Products
88w8361p-bem chipset
88w8361w-bem1
88w8787 firmware
88w8797 firmware
88w8801 firmware
88w8897 firmware
88w8997 firmware
88ss1074 firmware
88ss1079 firmware
88ss1080 firmware
88ss1084 firmware
88ss1085 firmware
88ss1087 firmware
88ss1088 firmware
88ss1090 firmware
88ss1092 firmware
88ss1093 firmware
88ss1095 firmware
88ss1098 firmware
88ss1100 firmware
88ss9174 firmware
88ss9175 firmware
88ss9187 firmware
88ss9188 firmware
88ss9189 firmware
88ss9190 firmware
Qconvergeconsole
Qconvergeconslole gui


Copyright 2021, cxsecurity.com

 

Back to Top