彙總 keysight 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 路徑處理缺陷、SQL 注入與跨站腳本 相關,可能在 生產負載與軟體部署 場景中帶來 資料外洩與工作階段劫持 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-36853 | In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges. | [email protected] | 7.8 | 0.03% | 2023-07-19 | 2024-11-21 |
| CVE-2023-34394 | In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition. | [email protected] | 7.8 | 0.04% | 2023-07-19 | 2024-11-21 |
| CVE-2023-1967 | Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | [email protected] | 9.8 | 0.21% | 2023-04-27 | 2025-01-16 |
| CVE-2023-1860 | A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste"><script>alert(%27c4ng4c3ir0%27)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-224998 is the identifier assigned to this vulnerability. NOTE: Vendor did not respond if and how they may handle this issue. | [email protected] | 3.5 | 0.18% | 2023-04-05 | 2024-11-21 |
| CVE-2023-1399 | N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. | [email protected] | 7.8 | 0.44% | 2023-03-27 | 2024-11-21 |
| CVE-2022-38130 | The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \\<attacker-host>\sms\<attacker-db.zip>), effectively controlling the content of the database to be restored. | [email protected] | 9.8 | 78.41% | 2022-08-10 | 2024-11-21 |
| CVE-2022-38129 | A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host. | [email protected] | 9.8 | 3.17% | 2022-08-10 | 2025-09-24 |
| CVE-2022-1661 | The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. | [email protected] | 7.5 | 0.34% | 2022-06-02 | 2024-11-21 |
| CVE-2022-1660 | The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. | [email protected] | 9.8 | 0.98% | 2022-06-02 | 2024-11-21 |
| CVE-2020-35122 | An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. | [email protected] | 7.5 | 0.23% | 2020-12-15 | 2024-11-21 |
| CVE-2020-35121 | An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. | [email protected] | 8.8 | 0.40% | 2020-12-15 | 2024-11-21 |