A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.
[
{
"product": "Keysight Technologies Sensor Management Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Keysight Technologies Sensor Management Server v2.4.0"
}
]
}
]