CVE-2024-6122

EUVD-2024-47269
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access.  This affects NI SystemLink Server 2024 Q1 and prior versions.  It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
nisystemlink
𝑥
≤ 2024
niflexlogger
𝑥
≤ 2023
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
nisystemlink
𝑥
≤ 2024q1
ADP
niflexlogger
𝑥
≤ 2023q2
ADP
Common Weakness Enumeration
References
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html