cvedb.io
CVE-2017-14105
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2017-09-01T17:29:00.213 · Last modified 2026-06-17T01:05:35.853

Summary

HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker, even one restricted to a tenant, can add a JSP file at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps, where it will be exposed through the web interface.

Affected products

aerohive — hivemanager_classic

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.