CVE-2022-27233

Опубликовано: 11 нояб. 2022

Источник: nvd

CVSS3: 6.5

CVSS3: 7.5

EPSS Низкий

Описание

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

Ссылки

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html
Patch
Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:intel:quartus_prime:*:*:*:*:standard:*:*:*

Версия до 21.1 (включая)

cpe:2.3:a:intel:quartus_prime:*:*:*:*:pro:*:*:*

Версия до 22.1 (исключая)

EPSS

Процентиль: 75%

0.00911

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-91

Связанные уязвимости

GHSA-3254-fhc5-j338

CVSS3: 7.5

github

около 3 лет назад

XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

EPSS

Процентиль: 75%

0.00911

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-91