Lucene search

[email protected]NVD:CVE-2022-27237

HistoryApr 21, 2022 - 5:15 a.m.

CVE-2022-27237

2022-04-2105:15:06

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

ni web server

systemlink

flexlogger

labview

g web development

static test software suite

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

JSON

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.

Affected configurations

Nvd

Node

niflexloggerMatch2021r2

niflexloggerMatch2021r3

niflexloggerMatch2021r4

nig_web_development_softwareMatch2021-

nig_web_development_softwareMatch2021community

nilabviewMatch2021--

nilabviewMatch2021-community

nistatic_test_software_suiteRange<1.2

nisystemlinkMatch2020r4

nisystemlinkMatch2022r1

nisystemlinkMatch2022r2

VendorProductVersionCPE
niflexlogger2021cpe:2.3:a:ni:flexlogger:2021:r2:*:*:*:*:*:*
niflexlogger2021cpe:2.3:a:ni:flexlogger:2021:r3:*:*:*:*:*:*
niflexlogger2021cpe:2.3:a:ni:flexlogger:2021:r4:*:*:*:*:*:*
nig_web_development_software2021cpe:2.3:a:ni:g_web_development_software:2021:*:*:*:-:*:*:*
nig_web_development_software2021cpe:2.3:a:ni:g_web_development_software:2021:*:*:*:community:*:*:*
nilabview2021cpe:2.3:a:ni:labview:2021:-:*:*:-:*:*:*
nilabview2021cpe:2.3:a:ni:labview:2021:-:*:*:community:*:*:*
nistatic_test_software_suite*cpe:2.3:a:ni:static_test_software_suite:*:*:*:*:*:*:*:*
nisystemlink2020cpe:2.3:a:ni:systemlink:2020:r4:*:*:*:*:*:*
nisystemlink2022cpe:2.3:a:ni:systemlink:2022:r1:*:*:*:*:*:*

Vendor	Product	Version	CPE
ni	flexlogger	2021	cpe:2.3:a:ni:flexlogger:2021:r2::::::
ni	flexlogger	2021	cpe:2.3:a:ni:flexlogger:2021:r3::::::
ni	flexlogger	2021	cpe:2.3:a:ni:flexlogger:2021:r4::::::
ni	g_web_development_software	2021	cpe:2.3:a:ni:g_web_development_software:2021::::-:::
ni	g_web_development_software	2021	cpe:2.3:a:ni:g_web_development_software:2021::::community:::
ni	labview	2021	cpe:2.3:a:ni:labview:2021:-:::-:::*
ni	labview	2021	cpe:2.3:a:ni:labview:2021:-:::community:::*
ni	static_test_software_suite	*	cpe:2.3:a:ni:static_test_software_suite::::::::
ni	systemlink	2020	cpe:2.3:a:ni:systemlink:2020:r4::::::
ni	systemlink	2022	cpe:2.3:a:ni:systemlink:2022:r1::::::

Rows per page:

1-10 of 111

References

www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

JSON

Related for NVD:CVE-2022-27237

prion1 cvelist1 cve1