Vulnerabilities > Keysight > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-04-27 | CVE-2023-1967 | Deserialization of Untrusted Data vulnerability in Keysight N8844A 2.1.7351 | Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying that the resulting data will be valid. | network, low complexity, keysight, CWE-502, critical | 9.8 |
| 2023-03-27 | CVE-2023-1399 | Deserialization of Untrusted Data vulnerability in Keysight N6854A Firmware 2.3.0/2.4.0/2.4.2 | N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. | network, low complexity, keysight, CWE-502, critical | 9.8 |
| 2022-08-10 | CVE-2022-38129 | Path Traversal vulnerability in Keysight Sensor Management Server 2.4.0 | A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). | network, low complexity, keysight, CWE-22, critical | 9.8 |
| 2022-08-10 | CVE-2022-38130 | SQL Injection vulnerability in Keysight Sensor Management Server 2.4.0 | The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. | network, low complexity, keysight, CWE-89, critical | 9.8 |
| 2022-06-02 | CVE-2022-1660 | Deserialization of Untrusted Data vulnerability in Keysight N6841A RF Firmware and N6854A Firmware | The affected products are vulnerable to deserialization of untrusted data without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. | network, low complexity, keysight, CWE-502, critical | 9.8 |