HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface).
References
Link | Resource |
---|---|
https://github.com/theguly/CVE-2017-14105 | Exploit Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-09-01 17:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-14105
Mitre link : CVE-2017-14105
CVE.ORG link : CVE-2017-14105
JSON object : View
Products Affected
aerohive
- hivemanager_classic
CWE
CWE-20
Improper Input Validation