ID
VAR-202208-0818
CVE
CVE-2022-38130
TITLE
Keysight Technologies of sensor management server In SQL Injection vulnerability
Trust: 0.8
DESCRIPTION
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \\<attacker-host>\sms\<attacker-db.zip>), effectively controlling the content of the database to be restored. Keysight Technologies of sensor management server for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | keysight | model: | sensor management server | scope: | eq | version: | 2.4.0 | Trust: 1.8 |
| vendor: | keysight | model: | sensor management server | scope: | - | version: | - | Trust: 0.8 |
| vendor: | keysight | model: | sensor management server | scope: | eq | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.1 |
| problemtype: | SQL injection (CWE-89) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
SQL injection
Trust: 0.6
PATCH
| title: | Keysight Technologies Sensor Management Server SQL Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204381 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-38130 | Trust: 3.3 |
| db: | TENABLE | id: | TRA-2022-28 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2022-014544 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202208-2742 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-433970 | Trust: 0.1 |
REFERENCES
| url: | https://www.tenable.com/security/research/tra-2022-28 | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-38130 | Trust: 1.4 |
| url: | https://cxsecurity.com/cveshow/cve-2022-38130/ | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-433970 |
| db: | JVNDB | id: | JVNDB-2022-014544 |
| db: | CNNVD | id: | CNNVD-202208-2742 |
| db: | NVD | id: | CVE-2022-38130 |
LAST UPDATE DATE
2024-08-14T14:24:37.815000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-433970 | date: | 2022-08-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-014544 | date: | 2023-09-20T08:28:00 |
| db: | CNNVD | id: | CNNVD-202208-2742 | date: | 2022-08-16T00:00:00 |
| db: | NVD | id: | CVE-2022-38130 | date: | 2022-08-15T16:11:11.703 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-433970 | date: | 2022-08-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-014544 | date: | 2023-09-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-202208-2742 | date: | 2022-08-10T00:00:00 |
| db: | NVD | id: | CVE-2022-38130 | date: | 2022-08-10T20:16:06.777 |