Back

CVE-2024-6122

July 22, 2024, 8:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

NI SystemLink Server

  • 2024 Q1
  • prior

NI FlexLogger

  • 2023 Q2
  • prior

Source

security@ni.com

Tags

CWE-276
security@ni.com
2024-07-22
CVE-2024-6122

CVE-2024-6122 details

Published : July 22, 2024, 8:15 p.m.
Last Modified : July 22, 2024, 8:15 p.m.

Description

An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.

CVSS Score

1 2 3 4 5.5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-276 Incorrect Default Permissions During installation, installed file permissions are set to allow anyone to modify those files.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.5

Exploitability Score

1.8

Impact Score

3.6

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

URL Source
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html security@ni.com
This website uses the NVD API, but is not approved or certified by it.