Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.
[
{
"product": "Marvell QConvergeConsole GUI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.5.0.74"
}
]
}
]