CVE-2020-15640

Name of the Vulnerable Software and Affected Versions Marvell QConvergeConsole version 5.5.0.64

Description This issue allows remote attackers to disclose sensitive information without requiring authentication. The problem exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class due to inadequate validation of a user-supplied path before using it in file operations. An attacker can exploit this to disclose stored credentials, potentially leading to further compromise.

Recommendations For Marvell QConvergeConsole version 5.5.0.64, consider disabling the getFileUploadBytes method of the FlashValidatorServiceImpl class as a temporary workaround until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.