Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-5136
HistoryNov 08, 2023 - 4:15 p.m.

CVE-2023-5136

2023-11-0816:15:11
CWE-732
[email protected]
web.nvd.nist.gov
22
cve-2023-5136
topografix dataplugin
gpx
information disclosure
vulnerability
exploit
data file

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.6%

JSON

An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.

Affected configurations

NVD
Node
nitopografix_data_pluginMatch2023-gpx
Node
nidiademMatch2014
OR
nidiademMatch2015-
OR
nidiademMatch2015sp2
OR
nidiademMatch2017-
OR
nidiademMatch2017sp1
OR
nidiademMatch2018-
OR
nidiademMatch2018sp1
OR
nidiademMatch2019-
OR
nidiademMatch2019sp1
OR
nidiademMatch2020-
OR
nidiademMatch2020sp1
OR
nidiademMatch2021-
OR
nidiademMatch2021sp1
OR
nidiademMatch2022q2
OR
nidiademMatch2022q4
OR
nidiademMatch2023q2
Node
niveristandMatch2013sp1
OR
niveristandMatch2014
OR
niveristandMatch2015-
OR
niveristandMatch2015sp1
OR
niveristandMatch2016
OR
niveristandMatch2017
OR
niveristandMatch2018-
OR
niveristandMatch2018sp1
OR
niveristandMatch2019-
OR
niveristandMatch2019r2
OR
niveristandMatch2019r3
OR
niveristandMatch2019r3f1
OR
niveristandMatch2020-
OR
niveristandMatch2020r2
OR
niveristandMatch2020r3
OR
niveristandMatch2020r4
OR
niveristandMatch2020r5
OR
niveristandMatch2020r6
OR
niveristandMatch2021-
OR
niveristandMatch2021r2
OR
niveristandMatch2021r3
OR
niveristandMatch2023q1
OR
niveristandMatch2023q2
OR
niveristandMatch2023q3
OR
niveristandMatch2023q4
Node
niflexloggerMatch2018r1
OR
niflexloggerMatch2018r2
OR
niflexloggerMatch2018r3
OR
niflexloggerMatch2018r4
OR
niflexloggerMatch2019r1
OR
niflexloggerMatch2019r2
OR
niflexloggerMatch2019r3
OR
niflexloggerMatch2019r4
OR
niflexloggerMatch2020r1
OR
niflexloggerMatch2020r2
OR
niflexloggerMatch2020r3
OR
niflexloggerMatch2020r4
OR
niflexloggerMatch2021r1
OR
niflexloggerMatch2021r2
OR
niflexloggerMatch2021r3
OR
niflexloggerMatch2021r4
OR
niflexloggerMatch2022q2
OR
niflexloggerMatch2022q4
OR
niflexloggerMatch2023q1
OR
niflexloggerMatch2023q2
OR
niflexloggerMatch2023q3
OR
niflexloggerMatch2023q4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "TopoGrafix DataPlugin for GPX",
    "vendor": "NI",
    "versions": [
      {
        "lessThan": "2023 Q4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "DIAdem",
    "vendor": "NI",
    "versions": [
      {
        "lessThan": "2023 Q2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "VeriStand",
    "vendor": "NI",
    "versions": [
      {
        "lessThanOrEqual": "2023 Q4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "FlexLogger",
    "vendor": "NI",
    "versions": [
      {
        "lessThanOrEqual": "2023 Q4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Related

zdi 1
cvelist 1
nvd 1
prion 1
zdi
zdi
NI DIAdem GPX File Parsing XML External Entity Processing Information Disclosure Vulnerability
2023-11-14 00:00:00
cvelist
cvelist
CVE-2023-5136 Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX
2023-11-08 15:24:10
nvd
nvd
CVE-2023-5136
2023-11-08 16:15:11
prion
prion
Information disclosure
2023-11-08 16:15:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.6%

JSON
Related for CVE-2023-5136
zdi1cvelist1nvd1prion1