CVE-2022-27233
Medium
Published: 11 November 2022
Published
11 November 2022
Modified
05 February 2025
KEV Added
—
Patch
—
CVSS Score v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.0086
75.5th percentile
Risk Priority
14
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2022-27233 is a medium-severity aka Blind XPath Injection (CWE-91) vulnerability in Intel Quartus Prime. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 24.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-31742
Vulnerability details
XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
intel
quartus prime
≤ 21.1 · ≤ 22.1
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.