CVE-2020-5805

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole GUI versions <= 5.5.0.74

Description: The issue concerns the storage of credentials in cleartext within the tomcat-users.xml file. This allows OS-level users on the host, who are not authorized to use QConvergeConsole, to potentially login to the console using the plaintext credentials.

Recommendations: For Marvell QConvergeConsole GUI versions <= 5.5.0.74, consider restricting access to the tomcat-users.xml file to prevent unauthorized users from obtaining the credentials. As a temporary workaround, restrict OS-level user access to the QCC host to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.