CVE-2022-27237
Last modified
CVE-2022-27237 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ni | Flexlogger | 2021 | R2 |
| Ni | G Web Development Software | 2021 | — |
| Ni | Labview | 2021 | — |
| Ni | Static Test Software Suite | < 1.2 | — |
| Ni | Systemlink | 2020 | R4 |
| Ni | Systemlink | 2022 | R1 |
References
- https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.htmlMitigation, Patch, Vendor Advisory
- https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.htmlMitigation, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-27237?
How severe is CVE-2022-27237?
How do I fix CVE-2022-27237?
Are you affected by CVE-2022-27237?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST