CVE-2017-14105

HIGH

HiveManager Classic <8.1r1 - RCE

Title source: llm

Description

HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface).

Exploits (1)

nomisec WORKING POC 1 stars

by theguly · poc

https://github.com/theguly/CVE-2017-14105

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Patch, Third Party Advisory x_refsource_misc

https://github.com/theguly/CVE-2017-14105

Scores

CVSS v3 7.8

EPSS 0.0151

EPSS Percentile 81.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (2)

aerohive/hivemanager_classic 8.0r1

aerohive/hivemanager_classic 8.1r1

Published Sep 01, 2017

Tracked Since Feb 18, 2026