// For flags

CVE-2022-27237

 

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.

Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en un componente de NI Web Server instalado con varios productos de NI. Dependiendo del producto(s) en uso, la guía de remediación incluye: instalar SystemLink versión 2021 R3 o posterior, instalar FlexLogger 2022 Q2 o posterior, instalar LabVIEW 2021 SP1, instalar G Web Development 2022 R1 o posterior, o instalar Static Test Software Suite versión 1.2 o posterior

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-03-18 CVE Reserved
  • 2022-04-21 CVE Published
  • 2023-11-12 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ni
Search vendor "Ni"
Flexlogger
Search vendor "Ni" for product "Flexlogger"
2021
Search vendor "Ni" for product "Flexlogger" and version "2021"
r2
Affected
Ni
Search vendor "Ni"
Flexlogger
Search vendor "Ni" for product "Flexlogger"
2021
Search vendor "Ni" for product "Flexlogger" and version "2021"
r3
Affected
Ni
Search vendor "Ni"
Flexlogger
Search vendor "Ni" for product "Flexlogger"
2021
Search vendor "Ni" for product "Flexlogger" and version "2021"
r4
Affected
Ni
Search vendor "Ni"
G Web Development Software
Search vendor "Ni" for product "G Web Development Software"
2021
Search vendor "Ni" for product "G Web Development Software" and version "2021"
-
Affected
Ni
Search vendor "Ni"
G Web Development Software
Search vendor "Ni" for product "G Web Development Software"
2021
Search vendor "Ni" for product "G Web Development Software" and version "2021"
community
Affected
Ni
Search vendor "Ni"
Labview
Search vendor "Ni" for product "Labview"
2021
Search vendor "Ni" for product "Labview" and version "2021"
-
Affected
Ni
Search vendor "Ni"
Labview
Search vendor "Ni" for product "Labview"
2021
Search vendor "Ni" for product "Labview" and version "2021"
community
Affected
Ni
Search vendor "Ni"
Static Test Software Suite
Search vendor "Ni" for product "Static Test Software Suite"
< 1.2
Search vendor "Ni" for product "Static Test Software Suite" and version " < 1.2"
-
Affected
Ni
Search vendor "Ni"
Systemlink
Search vendor "Ni" for product "Systemlink"
2020
Search vendor "Ni" for product "Systemlink" and version "2020"
r4
Affected
Ni
Search vendor "Ni"
Systemlink
Search vendor "Ni" for product "Systemlink"
2022
Search vendor "Ni" for product "Systemlink" and version "2022"
r1
Affected
Ni
Search vendor "Ni"
Systemlink
Search vendor "Ni" for product "Systemlink"
2022
Search vendor "Ni" for product "Systemlink" and version "2022"
r2
Affected