SystemLink Server and FlexLogger Vulnerabilities
CVE-2024-6121

7.8HIGH

Key Information:

Vendor: NI
Status: Flexlogger
Vendor: CVE Published:; 22 July 2024

What is CVE-2024-6121?

An outdated version of the Redis database, included with NI SystemLink Server and NI FlexLogger, exposes users to multiple security vulnerabilities. Specifically, this affects NI SystemLink Server versions released in Q1 2024 and earlier, as well as NI FlexLogger versions from Q2 2023 and earlier, that rely on this shared Redis service. Users of these products should apply the latest updates to secure their systems and mitigate risks associated with potential exploits.

References

https://www.ni.com/en/support/security/available-critical...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2024