NotCVE - vendor:"Keysight" product:"Sensor Management Server"

2 results (0.011 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-38130

https://notcve.org/view.php?id=CVE-2022-38130

10 Aug 2022 — The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \\\sms\), effectively controlling the content of the database to be restored. El método com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() es usado para restaurar la base... • https://www.tenable.com/security/research/tra-2022-28 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-38129

https://notcve.org/view.php?id=CVE-2022-38129

10 Aug 2022 — A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host. Se presenta una vulnerabilidad de salto de rutas en el método com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() en Keysight Sensor Management Server (SMS). Esto permite que un atacante remoto no autenticado cargue archivos arbitrarios en el hos... • https://www.tenable.com/security/research/tra-2022-28 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •