5.5
CVE-2024-6122
- EPSS 0.07%
- Published 22.07.2024 20:15:04
- Last modified 21.11.2024 09:49:00
- Source security@ni.com
- Teams watchlist Login
- Open Login
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.
Data is provided by the National Vulnerability Database (NVD)
Ni ≫ Systemlink Version <= 2024
Ni ≫ Systemlink Version2024 Updateq1
Ni ≫ Flexlogger Version <= 2023
Ni ≫ Flexlogger Version2023 Updateq2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.218 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security@ni.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.