CVE-2022-38129

Description

A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.

References

https://www.tenable.com/security/research/tra-2022-28

Details