CVE-2022-38130

Basic Information

CVE State
PUBLISHED
Reserved Date
August 10, 2022
Published Date
August 10, 2022
Last Updated
August 03, 2024
Vendor
n/a
Product
Keysight Technologies Sensor Management Server
Description
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify a UNC path for the database file (i.e., \\\sms\), effectively controlling the content of the database to be restored.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score
24.40% (Percentile: 95.79%) as of 2025-05-14

Exploit Status

Exploited in the Wild
Yes (added 2025-05-06 00:00:00 UTC)

Known Exploited Vulnerability Information

Source
The Shadowserver (via CIRCL)
Added Date
2025-05-06 00:00:00 UTC