CVE-2022-21220

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 83.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel Quartus Prime
Timeline
PublishedFeb 9
Latest updateFeb 11

Description

Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5intel(r)_quartus(r)_prime_pro_editionbefore version 21.3

🔴Vulnerability Details

2
GHSA
GHSA-hwc9-2qcx-r45x: Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 212022-02-11
CVEList
CVE-2022-21220: Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 212022-02-09
CVE-2022-21220 (HIGH CVSS 7.8) | Improper restriction of XML externa | cvebase.io