{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-27233","assignerOrgId":"6dda929c-bb53-4a77-a76d-48e79601a1ce","state":"PUBLISHED","assignerShortName":"intel","requesterUserId":"524a9a6b-3515-4b97-ab85-1a9a79493852","dateReserved":"2022-03-21T23:31:41.486Z","datePublished":"2022-11-11T15:48:42.749Z","dateUpdated":"2025-02-05T20:52:28.158Z"},"containers":{"cna":{"providerMetadata":{"orgId":"6dda929c-bb53-4a77-a76d-48e79601a1ce","shortName":"intel","dateUpdated":"2023-02-07T16:09:01.371Z"},"problemTypes":[{"descriptions":[{"lang":"en","description":"information disclosure"}]}],"affected":[{"vendor":"n/a","product":"Intel(R) Quartus Prime Pro and Standard edition software","versions":[{"version":"See reference","status":"affected"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access."}],"references":[{"name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T05:25:32.302Z"},"title":"CVE Program Container","references":[{"name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-91","lang":"en","description":"CWE-91 XML Injection (aka Blind XPath Injection)"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-29T20:38:52.827622Z","id":"CVE-2022-27233","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-05T20:52:28.158Z"}}]}}