Arbitrary File Upload Vulnerability in Keysight Sensor Management Server (SMS)

Arbitrary File Upload Vulnerability in Keysight Sensor Management Server (SMS)

CVE-2022-38129 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.

Learn more about our Cis Benchmark Audit For Server Software.