CVE-2022-27233
First published: Fri Nov 11 2022(Updated: )
XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Quartus Prime | <=21.1 | |
| Intel Quartus Prime | <22.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-27233?
CVE-2022-27233 is a vulnerability that involves XML injection in the Quartus Prime Programmer component included in the Intel Quartus Prime Pro and Standard edition software.
What is the severity of CVE-2022-27233?
CVE-2022-27233 has a severity level of high, with a severity value of 7.5.
How does CVE-2022-27233 impact the affected software?
CVE-2022-27233 may allow an unauthenticated user to potentially enable information disclosure via network access in Intel Quartus Prime Pro and Standard edition software.
Which versions of Intel Quartus Prime are affected by CVE-2022-27233?
CVE-2022-27233 affects Intel Quartus Prime Pro versions up to and excluding 22.1, and Intel Quartus Prime Standard versions up to and including 21.1.
How can I mitigate the XML injection vulnerability in Quartus Prime Programmer?
To mitigate the XML injection vulnerability in Quartus Prime Programmer, it is recommended to update to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/intel
- canonical/intel quartus prime
- version/intel quartus prime/21.1