PT-2017-13253 · Aerohive · Hivemanager Classic

Guly +1 · Published 2017-09-01 · Updated 2017-09-13 · CVE-2017-14105

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

HiveManager Classic versions through 8.1r1

Description

The issue allows arbitrary JSP code execution by modifying a backup archive before a restore. This is possible because the restore feature does not validate pathnames within the archive. An authenticated, local attacker, even one restricted as a tenant, can exploit this by adding a JSP file at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps, which will then be exposed at the web interface.

Recommendations

For versions through 8.1r1, consider restricting access to the restore feature and validating pathnames within backup archives to prevent arbitrary JSP code execution. As a temporary workaround, consider disabling the restore feature until a proper validation mechanism is implemented.
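One way to implement the pathname validation recommended above, as an added example (not vendor code and not part of the original advisory). It assumes the backup is a tar archive, which the advisory does not state; the extension list and the tenant name `tenant1` are assumptions, and the web root prefix is taken from the path in the description.

```python
import io
import posixpath
import tarfile

# Assumed policy, not from the advisory: types a servlet container can execute.
EXECUTABLE_EXTS = {".jsp", ".jspx", ".jspf", ".class", ".jar", ".war"}
# Web-served tree inside the backup, taken from the path in the description.
WEB_ROOT = "HiveManager/tomcat/webapps/"

def check_member(member):
    """Return a rejection reason for one archive member, or None if acceptable."""
    name = member.name.replace("\\", "/")
    if name.startswith("/") or ".." in name.split("/"):
        return "absolute path or parent-directory component"
    if not (member.isfile() or member.isdir()):
        return "link or special file"
    norm = posixpath.normpath(name)
    ext = posixpath.splitext(norm)[1].lower()
    if member.isfile() and norm.startswith(WEB_ROOT) and ext in EXECUTABLE_EXTS:
        return "server-executable file under the web root"
    return None

def validate_backup(fileobj):
    """Inspect every member before anything is extracted; return the findings."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        checked = ((m.name, check_member(m)) for m in tar)
        return [(name, reason) for name, reason in checked if reason]

def build_sample(entries):
    """Build an in-memory tar.gz from (name, bytes) pairs (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    maps = WEB_ROOT + "hm/domains/tenant1/maps/"  # tenant1 is a made-up tenant
    sample = build_sample([
        (maps + "floor1.png", b"constructed image bytes"),
        (maps + "page.jsp", b"<%-- constructed placeholder --%>"),
        ("../outside.txt", b"constructed"),
    ])
    findings = validate_backup(sample)
    for name, reason in findings:
        print(f"REJECT {name}: {reason}")
    print("restore refused" if findings else "restore may proceed")
```

A restore routine using this check would refuse the whole archive when any finding is returned, rather than skipping the flagged members and extracting the rest.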

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2017-14105

Affected Products

Hivemanager Classic