Skip to main content

Quartus Prime CVE-2022-27233

HIGH
XML Injection (aka Blind XPath Injection) (CWE-91)
2022-11-11 secure@intel.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 11, 2022 - 16:15 nvd
HIGH 7.5

DescriptionNVD

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

AnalysisAI

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-91. XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. Affected products include: Intel Quartus Prime.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-27187 HIGH
7.8 Nov 11

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02s

CVE-2019-14603 HIGH
7.8 Dec 16

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before versi

CVE-2019-0171 HIGH
7.8 May 17

Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to pote

CVE-2018-3683 HIGH
7.8 Jul 10

Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbi

CVE-2020-24454 HIGH
7.5 Nov 12

Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before versi

CVE-2024-21862 HIGH
7.3 May 16

Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allo

CVE-2024-21837 HIGH
7.3 May 16

Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an

CVE-2024-21809 HIGH
7.3 May 16

Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow

CVE-2024-21777 HIGH
7.3 May 16

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an

CVE-2023-24016 HIGH
7.3 Aug 11

Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow

CVE-2020-8737 MEDIUM
6.8 Nov 12

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro

CVE-2025-14625 MEDIUM
6.7 Jan 07

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell module

Share

CVE-2022-27233 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy