CVE-2022-38129

Critical

A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor…

tenable·CWE-22·Published 2022-08-10

CVSS

9.8

EPSS

0.20

KEV

Exploits

cve.orgen

253 chars

A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.

NVDen

253 chars

NVDes

266 chars

Se presenta una vulnerabilidad de salto de rutas en el método com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() en Keysight Sensor Management Server (SMS). Esto permite que un atacante remoto no autenticado cargue archivos arbitrarios en el host de SMS

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.1	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N