CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2017-14585 – Hipchat Data Center / Hipchat Server Code Execution / SSRF
https://notcve.org/view.php?id=CVE-2017-14585
27 Nov 2017 — A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. Una vulnerabilidad de SSRF (Server-Side Request Forgery) podría conducir a la ejecución remota de código ... • http://www.securityfocus.com/bid/101945 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-8080
https://notcve.org/view.php?id=CVE-2017-8080
05 May 2017 — Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. Atlassian Hipchat Server en versiones anteriores a la 2.2.4 permite a usuarios autenticados remotos con privilegios a nivel de usuario ejecutar código arbitrario mediante vectores que involucran la subida de imágenes. • http://www.securityfocus.com/bid/98262 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 2%CPEs: 1EXPL: 0CVE-2017-7357 – Hipchat Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-7357
14 Apr 2017 — Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. Hipchat Server en versiones anteriores a 2.2.3 permite a usuarios autenticados remotos con privilegios de nivel Server Administrator ejecutar código arbitrario al importar un archivo. Hipchat server versions prior to 2.2.3 suffer from a remote code execution vulnerability that can be leveraged via Administrative Imports. • http://www.securityfocus.com/archive/1/540410/100/0/threaded • CWE-434: Unrestricted Upload of File with Dangerous Type •