CVE-2020-5805

EUVD-2020-26962
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
marvellqconvergeconslole_gui
𝑥
≤ 5.5.0.74
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.tenable.com/security/research/tra-2021-01
https://www.tenable.com/security/research/tra-2021-01