Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-6122

An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.

Published

2024-07-22T20:15:04.470

Last Modified

2024-11-21T09:49:00.507

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-276
Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ni	systemlink	≤ 2024	Yes
Application	ni	systemlink	2024	Yes
Application	ni	flexlogger	≤ 2023	Yes
Application	ni	flexlogger	2023	Yes

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html Mitigation, Vendor Advisory ([email protected])
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)