Lucene search
K

32 matches found

CVE
CVE
added 2020/08/25 8:21 p.m.63 views

CVE-2020-15644

Marvell QConvergeConsole 5.5.0.64 is affected by CVE-2020-15644. The flaw is in setAppFileBytes of the GWTTestServiceImpl class, where user-supplied paths are not properly validated before file operations, enabling a directory-traversal-style path to be exploited. This can allow remote attackers ...

9CVSS8.9AI score0.09255EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/08/25 8:21 p.m.61 views

CVE-2020-15645

CVE-2020-15645 affects Marvell QConvergeConsole 5.5.0.64. The root cause is in the getFileFromURL method of the GWTTestServiceImpl class, which lacks proper validation of a user-supplied path before file operations. This leads to remote code execution with SYSTEM privileges. Authentication is req...

9CVSS8.9AI score0.10678EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/08/25 8:21 p.m.26 views

CVE-2020-15644

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS8.9AI score0.09255EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/08/25 8:21 p.m.25 views

CVE-2020-15643

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS8.9AI score0.59349EPSS
Exploits1References3
CVE
CVE
added 2020/08/25 8:21 p.m.58 views

CVE-2020-15643

CVE-2020-15643 affects Marvell QConvergeConsole 5.5.0.64. The vulnerability is in GWTTestServiceImpl.saveAsText, due to insufficient validation of a user-supplied path used in file operations, allowing remote code execution in the SYSTEM context after bypassing authentication. The issue is networ...

9CVSS8.9AI score0.59349EPSS
Exploits1References3Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2020/08/10 12:0 a.m.37 views

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText meth...

8.8CVSS4.7AI score0.59349EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2020/08/10 12:0 a.m.38 views

Marvell QConvergeConsole writeObjectToConfigFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS4.7AI score0.10086EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/08/10 12:0 a.m.36 views

Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL...

8.8CVSS2.4AI score0.10678EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/08/10 12:0 a.m.6 views

PT-2020-14567 · Marvell · Marvell Qconvergeconsole

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole version 5.5.0.64 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism ca...

9CVSS9AI score0.10678EPSS
Exploits1References4
Zero Day Initiative
Zero Day Initiative
added 2020/08/10 12:0 a.m.37 views

Marvell QConvergeConsole setAppFileBytes Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes...

8.8CVSS4.6AI score0.09255EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/08/10 12:0 a.m.27 views

Marvell QConvergeConsole GWTTestServiceImpl decryptFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile...

8.8CVSS4.6AI score0.10086EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/08/10 12:0 a.m.37 views

Marvell QConvergeConsole isHPSmartComponent Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

8.8CVSS3.2AI score0.07244EPSS
Exploits0References1
Rows per page
Query Builder