CVE-2022-21205

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access.

Published: Feb 10, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-21205
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
intel / quartus_prime	-	21.3

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00632.html

Vulnerability Database

290,020

CVE-2022-21205