EIP-2026-102470

PRE-CVE

Computer Associates Oneview Monitor 6.0 - 'doSave.jsp' Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102470. PoCs published by Giorgio Fedon.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in Computer Associates Oneview Monitor, allowing remote code execution by injecting arbitrary JSP code via the 'file' parameter in the 'doSave.jsp' endpoint.

Description

Computer Associates Oneview Monitor 6.0 - 'doSave.jsp' Remote Code Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by Giorgio Fedon · textwebappsjsp

https://www.exploit-db.com/exploits/34440

View Code ZIP pw:eip

The exploit demonstrates a directory traversal vulnerability in Computer Associates Oneview Monitor, allowing remote code execution by injecting arbitrary JSP code via the 'file' parameter in the 'doSave.jsp' endpoint.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Computer Associates Oneview Monitor

No auth needed

Prerequisites: Network access to the target web server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026