Lucene search

[email protected]NVD:CVE-2024-6122

HistoryJul 22, 2024 - 8:15 p.m.

CVE-2024-6122

2024-07-2220:15:04

CWE-276

[email protected]

web.nvd.nist.gov

cve-2024-6122

ni systemlink server

information disclosure

installation directory

flexlogger

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.0%

JSON

An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.

Affected configurations

Nvd

Node

nisystemlinkRange≤2024

nisystemlinkMatch2024q1

Node

niflexloggerRange≤2023

niflexloggerMatch2023q2

VendorProductVersionCPE
nisystemlink*cpe:2.3:a:ni:systemlink:*:*:*:*:*:*:*:*
nisystemlink2024cpe:2.3:a:ni:systemlink:2024:q1:*:*:*:*:*:*
niflexlogger*cpe:2.3:a:ni:flexlogger:*:*:*:*:*:*:*:*
niflexlogger2023cpe:2.3:a:ni:flexlogger:2023:q2:*:*:*:*:*:*

Vendor	Product	Version	CPE
ni	systemlink	*	cpe:2.3:a:ni:systemlink::::::::
ni	systemlink	2024	cpe:2.3:a:ni:systemlink:2024:q1::::::
ni	flexlogger	*	cpe:2.3:a:ni:flexlogger::::::::
ni	flexlogger	2023	cpe:2.3:a:ni:flexlogger:2023:q2::::::

References

www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2024-6122

cvelist1 cve1 vulnrichment1