CVE-2022-27237

Опубликовано: 21 апр. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.

Ссылки

https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.html
Mitigation
Patch
Vendor Advisory
https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.html
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ni:flexlogger:2021:r2:*:*:*:*:*:*

cpe:2.3:a:ni:flexlogger:2021:r3:*:*:*:*:*:*

cpe:2.3:a:ni:flexlogger:2021:r4:*:*:*:*:*:*

cpe:2.3:a:ni:g_web_development_software:2021:*:*:*:-:*:*:*

cpe:2.3:a:ni:g_web_development_software:2021:*:*:*:community:*:*:*

cpe:2.3:a:ni:labview:2021:-:*:*:-:*:*:*

cpe:2.3:a:ni:labview:2021:-:*:*:community:*:*:*

cpe:2.3:a:ni:static_test_software_suite:*:*:*:*:*:*:*:*

Версия до 1.2 (исключая)

cpe:2.3:a:ni:systemlink:2020:r4:*:*:*:*:*:*

cpe:2.3:a:ni:systemlink:2022:r1:*:*:*:*:*:*

cpe:2.3:a:ni:systemlink:2022:r2:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00495

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4qj7-6xgq-rgvw