CVE-2022-27233

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

Published: Nov 11, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-27233
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-91

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
intel / quartus_prime	-	21.1.x
intel / quartus_prime	-	22.1

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html

Vulnerability Database

290,020

CVE-2022-27233