Description
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- NI / DIAdem0 – 2023 Q2
- NI / FlexLogger0 – 2023 Q4
- NI / TopoGrafix DataPlugin for GPX0 – 2023 Q4
- NI / VeriStand0 – 2023 Q4