Overview
- Description
- XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.
- Source
- secure@intel.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-91
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:quartus_prime:*:*:*:*:standard:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C4D8484-EFE5-4E4F-B9D1-67B154A4454A",
"versionEndIncluding": "21.1"
},
{
"criteria": "cpe:2.3:a:intel:quartus_prime:*:*:*:*:pro:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8840E25D-6BE8-4057-8D89-0619BD9D2392",
"versionEndExcluding": "22.1"
}
],
"operator": "OR"
}
]
}
]