HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker, even one restricted as a tenant, can add a JSP file at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface).
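A pre-restore check of the kind the description says is missing, as an added example (not code from HiveManager or from the reporter). It assumes the backup is a tar archive, which the page does not state, and that a backup carries data only, so any JSP entry is refused; the tenant name and archive contents are constructed.

```python
import io
import posixpath
import tarfile

SCRIPT_EXTS = (".jsp", ".jspx")  # assumption: types Tomcat's JSP servlet executes


def audit_backup(fileobj):
    """Return (entry_name, reason) for every entry a restore should refuse."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar.getmembers():
            name = m.name.replace("\\", "/")
            norm = posixpath.normpath(name)
            if name.startswith("/") or norm == ".." or norm.startswith("../"):
                findings.append((m.name, "escapes restore root"))
            elif m.issym() or m.islnk():
                findings.append((m.name, "link entry"))
            elif not (m.isfile() or m.isdir()):
                findings.append((m.name, "special file"))
            elif m.isfile() and norm.lower().endswith(SCRIPT_EXTS):
                findings.append((m.name, "server-side script in data backup"))
    return findings


def constructed_sample():
    """Build a small in-memory archive (constructed data, made-up tenant name)."""
    base = "HiveManager/tomcat/webapps/hm/domains/tenantA/maps/"
    entries = {
        base + "floor1.png": b"\x89PNG constructed",
        base + "status.jsp": b"<%-- constructed placeholder --%>",
        "../outside.txt": b"constructed",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, reason in audit_backup(constructed_sample()):
        print(f"REFUSE {entry}: {reason}")
```

A restore that aborts on any finding, rather than skipping the flagged entry, also keeps a partially tampered archive from being applied.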
theguly at 2020-02-28T16:20:24.015747Z reported: Note: CVE owner here.
This vulnerability doesn't have so much value today because the product has been discontinued and Aerohive has been acquired. All MSPs are now moving to the Extreme cloud platform.
Assessed Attacker Value: 2 Assessed Exploitability: 5