5.5

CVE-2023-5136

An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure.  An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.

Data is provided by the National Vulnerability Database (NVD)
NiTopografix Data Plugin Version2023 Update- SwPlatformgpx
NiDiadem Version2014
NiDiadem Version2015 Update-
NiDiadem Version2015 Updatesp2
NiDiadem Version2017 Update-
NiDiadem Version2017 Updatesp1
NiDiadem Version2018 Update-
NiDiadem Version2018 Updatesp1
NiDiadem Version2019 Update-
NiDiadem Version2019 Updatesp1
NiDiadem Version2020 Update-
NiDiadem Version2020 Updatesp1
NiDiadem Version2021 Update-
NiDiadem Version2021 Updatesp1
NiDiadem Version2022 Updateq2
NiDiadem Version2022 Updateq4
NiDiadem Version2023 Updateq2
NiVeristand Version2013 Updatesp1
NiVeristand Version2014
NiVeristand Version2015 Update-
NiVeristand Version2015 Updatesp1
NiVeristand Version2016
NiVeristand Version2017
NiVeristand Version2018 Update-
NiVeristand Version2018 Updatesp1
NiVeristand Version2019 Update-
NiVeristand Version2019 Updater2
NiVeristand Version2019 Updater3
NiVeristand Version2019 Updater3f1
NiVeristand Version2020 Update-
NiVeristand Version2020 Updater2
NiVeristand Version2020 Updater3
NiVeristand Version2020 Updater4
NiVeristand Version2020 Updater5
NiVeristand Version2020 Updater6
NiVeristand Version2021 Update-
NiVeristand Version2021 Updater2
NiVeristand Version2021 Updater3
NiVeristand Version2023 Updateq1
NiVeristand Version2023 Updateq2
NiVeristand Version2023 Updateq3
NiVeristand Version2023 Updateq4
NiFlexlogger Version2018 Updater1
NiFlexlogger Version2018 Updater2
NiFlexlogger Version2018 Updater3
NiFlexlogger Version2018 Updater4
NiFlexlogger Version2019 Updater1
NiFlexlogger Version2019 Updater2
NiFlexlogger Version2019 Updater3
NiFlexlogger Version2019 Updater4
NiFlexlogger Version2020 Updater1
NiFlexlogger Version2020 Updater2
NiFlexlogger Version2020 Updater3
NiFlexlogger Version2020 Updater4
NiFlexlogger Version2021 Updater1
NiFlexlogger Version2021 Updater2
NiFlexlogger Version2021 Updater3
NiFlexlogger Version2021 Updater4
NiFlexlogger Version2022 Updateq2
NiFlexlogger Version2022 Updateq4
NiFlexlogger Version2023 Updateq1
NiFlexlogger Version2023 Updateq2
NiFlexlogger Version2023 Updateq3
NiFlexlogger Version2023 Updateq4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.08% 0.256
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
security@ni.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.