CVE-2022-38130
N/A
N/A
Summary
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \<attacker-host>\sms<attacker-db.zip>), effectively controlling the content of the database to be restored.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Keysight Technologies Sensor Management Server | Keysight Technologies Sensor Management Server v2.4.0 | affected |
Weaknesses
- Arbitrary Code Execution
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.