CVE-2022-38130

Name of the Vulnerable Software and Affected Versions No specific software version is mentioned, so the affected software is: Keysight SMS (affected versions not specified)

Description The issue concerns the com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method, which is used to restore the HSQLDB database. This method takes the path of the zipped database file as a parameter. An unauthenticated, remote attacker can specify a UNC path for the database file, allowing them to control the content of the database to be restored.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.