CVE Vulnerability

CVE-2022-27237

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.html Mitigation Patch
Configurations

Configuration 1

cpe:2.3:a:ni:flexlogger:2021:r4:*:*:*:*:*:*
cpe:2.3:a:ni:flexlogger:2021:r2:*:*:*:*:*:*
cpe:2.3:a:ni:flexlogger:2021:r3:*:*:*:*:*:*
cpe:2.3:a:ni:systemlink:2020:r4:*:*:*:*:*:*
cpe:2.3:a:ni:systemlink:2022:r1:*:*:*:*:*:*
cpe:2.3:a:ni:systemlink:2022:r2:*:*:*:*:*:*
cpe:2.3:a:ni:g_web_development_software:2021:*:*:*:community:*:*:*
cpe:2.3:a:ni:g_web_development_software:2021:*:*:*:-:*:*:*
cpe:2.3:a:ni:labview:2021:-:*:*:community:*:*:*
cpe:2.3:a:ni:static_test_software_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:-:*:*:-:*:*:*
Information

Published : 2022-04-21 05:15

Updated : 2022-05-03 03:40

NVD link : CVE-2022-27237

Mitre link : CVE-2022-27237

Products Affected
No products.
CWE
CWE-79