Marvell QConvergeConsole (QCC) FlashValidatorServiceImpl decryptFile Path Traversal RCE

The Marvell QConvergeConsole GUI running on the remote host is affected by a path traversal vulnerability in the decryptFile method of the FlashValidatorServiceImpl class in the FlashValidator web application. An unauthenticated, remote attacker can exploit this, via specially crafted messages, t...

CVE-2020-15639

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The iss...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The iss...

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl...

CVE-2020-15639

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The iss...

CVE-2020-15640

Marvell QConvergeConsole 5.5.0.64 is affected by CVE-2020-15640. The flaw is in FlashValidatorServiceImpl.getFileUploadBytes, caused by missing validation of a user-supplied path before file operations, enabling a path traversal information disclosure. Multiple sources (ZDI-20-968, RH Red Hat adv...

Marvell QConvergeConsole decryptFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue result...

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. T...

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. T...