VYPR
Vendor

Keysight

Products
12
CVEs
15
Across products
17
Status
Private

Products

12

Recent CVEs

15
  • CVE-2022-38130CriAug 10, 2022
    risk 0.68cvss 9.8epss 0.53

    The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database…

  • CVE-2022-38129CriAug 10, 2022
    risk 0.65cvss 9.8epss 0.18

    A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.

  • CVE-2022-1660CriJun 2, 2022
    risk 0.65cvss 9.8epss 0.16

    The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2023-1967CriApr 27, 2023
    risk 0.64cvss 9.8epss 0.01

    Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.

  • CVE-2020-35121HigDec 15, 2020
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro.

  • CVE-2023-36853HigJul 19, 2023
    risk 0.51cvss 7.8epss 0.00

    ​In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.

  • CVE-2023-34394HigJul 19, 2023
    risk 0.51cvss 7.8epss 0.00

    In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service…

  • CVE-2022-1661HigJun 2, 2022
    risk 0.50cvss 7.5epss 0.15

    The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.

  • CVE-2025-24525HigSep 30, 2025
    risk 0.49cvss 7.5epss 0.00

    Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device.…

  • CVE-2020-35122HigDec 15, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection.

  • CVE-2025-24494HigMar 5, 2025
    risk 0.47cvss 7.2epss 0.01

    Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the 'Upload' functionality this could be used to execute an arbitrary script or possibly an uploaded binary.…

  • CVE-2025-24521MedMar 5, 2025
    risk 0.32cvss 4.9epss 0.00

    External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: …

  • CVE-2025-23416MedMar 5, 2025
    risk 0.32cvss 4.9epss 0.00

    Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.

  • CVE-2025-21095MedMar 5, 2025
    risk 0.32cvss 4.9epss 0.01

    Path traversal may lead to arbitrary file download. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.

  • CVE-2023-1860LowApr 5, 2023
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste"> leads to cross…