Qconvergeconslole Gui
Approved changes feed: RSS · Atom
cpe:2.3:a:marvell:qconvergeconslole_gui:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Marvell (906ef564-b1d5-59e3-b3fb-484c50870f1b) |
|---|---|
| Product | Qconvergeconslole Gui (0a8cac31-e78c-5c84-bf50-7699bc475927) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-5805 |
vulnerable | 2026-06-03 14:42:57.333500 |
Details available
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
Published: 2021-01-08T15:13:11.000Z
Updated: 2024-08-04T08:39:25.930Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5804 |
vulnerable | 2026-06-03 14:42:57.333107 |
Details available
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.
Published: 2021-01-08T15:12:54.000Z
Updated: 2024-08-04T08:39:25.999Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.