Keysight Sensor Management Server vulnerabilities
2 known vulnerabilities affecting keysight/sensor_management_server.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2022-38130P1CRITICALCVSS 9.8ExploitedPoCv2.4.02022-08-10
CVE-2022-38130 [CRITICAL] CWE-89 CVE-2022-38130: The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore t
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \\\sms\), effectively controlling the content of the datab
nvd
CVE-2022-38129P2CRITICALCVSS 9.8v2.4.02022-08-10
CVE-2022-38129 [CRITICAL] CWE-22 CVE-2022-38129: A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicen
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.
nvd