Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® PROSet/Wireless WiFi Software Advisory**

**Summary: **

A potential security vulnerability in some Intel® PROSet/Wireless WiFi products may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID:  CVE-2020-0559

Description: Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows\* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.3 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

**Affected Products:**

Intel® PROSet/Wireless WiFi software for the following products:

Intel® Wi-Fi 6 AX201  
Intel® Wi-Fi 6 AX200  
Intel® Wireless-AC 9560  
Intel® Wireless-AC 9462  
Intel® Wireless-AC 9461  
Intel® Wireless-AC 9260  
Intel® Dual Band Wireless-AC 8265  
Intel® Dual Band Wireless-AC 8260  
Intel® Dual Band Wireless-AC 3168  
Intel® Wireless 7265 (Rev D) Family  
Intel® Dual Band Wireless-AC 3165

**Recommendations:**

Intel recommends updating Intel® PROSet/Wireless WiFi products running on Windows\* 7 or 8.1 to version 21.40.5.1 or later.

Release version 21.40.5.1 is available for download at this location:

https://www.intel.com/content/www/us/en/support/products/59485/network-and-i-o/wireless-networking.html

**Acknowledgements:**

Intel would like to thank Marius Gabriel Mihai for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

08/11/2020

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2020-0559: Intel-SA-00355

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.

1<?php23/\*4Plugin Name: Freemind WP Browser5Version: 1.26Plugin URI: http://lakm.us/logit/7Description: Embed \`\*.mm\` Freemind mind-map Flash Browser to a WordPress blog by \`\[freemind file="path-to-some-file.mm" /\]\`. This has been a modification of Joshua Eldridge' Flash Video Player. Powered by \`visorFreemind.swf\` from Flash Browser and \`SWFObject\` by Geoff Stearns.8Author: Arif Kusbandono9Author URI: http://lakm.us1011This program is free software; you can redistribute it and/or modify12it under the terms of the GNU General Public License as published by13the Free Software Foundation; either version 2 of the License, or14any later version.1516This program is distributed in the hope that it will be useful,17but WITHOUT ANY WARRANTY; without even the implied warranty of18MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the19GNU General Public License for more details.2021You should have received a copy of the GNU General Public License22along with this program; if not, write to the Free Software23Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA2425\*/2627$videoid \= 0;28$site\_url \= get\_option('siteurl');2930function FreemindMap\_Parse($content) {31        $content \= preg\_replace\_callback("/\\\[freemind (\[^\]\]\*)\\/\\\]/i", "FreemindMap\_Render", $content);32        return $content;33}3435function FreemindMap\_Render($matches) {36        global $videoid, $site\_url;37        $output \= '';38        $rss\_output \= '';39        $matches\[1\] \= str\_replace(array('&#8221;','&#8243;'), '', $matches\[1\]);40        preg\_match\_all('/(\[.\\w\]\*)=(.\*?) /i', $matches\[1\], $attributes);41        $arguments \= array();4243        foreach ( (array) $attributes\[1\] as $key \=> $value ) {44                // Strip out legacy quotes45                $arguments\[$value\] \= str\_replace('"', '', $attributes\[2\]\[$key\]);46        }4748        if ( !array\_key\_exists('filename', $arguments) && !array\_key\_exists('file', $arguments) ) {49                return '<div style="background-color:#ff9;padding:10px;"><p>Error: Required parameter "file" is missing!</p></div>';50                exit;51        }52        53        //Deprecate filename in favor of file. 54        if(array\_key\_exists('filename', $arguments)) {55                $arguments\['file'\] \= $arguments\['filename'\];56        }5758        $options \= get\_option('FreemindSettings');5960        if(strpos($arguments\['file'\], 'http://') !== false || isset($arguments\['streamer'\]) || strpos($arguments\['file'\], 'https://') !== false) {61                // This is a remote file, so leave it alone but clean it up a little62                $arguments\['file'\] \= str\_replace('&#038;','&',$arguments\['file'\]);63        } else {64                $arguments\['file'\] \= $site\_url . '/' . $arguments\['file'\];65        }66        $output .= "\\n" . '<span id="video' . $videoid . '" class="flashvideo">' . "\\n";67        $output .= '<a href="http://www.macromedia.com/go/getflashplayer">Get the Flash Player</a> to see this player.</span>' . "\\n";68        $output .= '<script type="text/javascript">' . "\\n";69        $output .= 'var s' . $videoid . ' = new SWFObject("' . $site\_url . '/wp-content/plugins/freemind-wp-browser/mediaplayer/visorFreemind.swf' . '","n' . $videoid . '","' . $options\['width'\] . '","' . $options\['height'\] . '","6");' . "\\n";7071                $output .= 's' . $videoid . '.addParam("quality", "high");' . "\\n";72                $output .= 's' . $videoid . '.addParam("bgcolor", "#a0a0f0");' . "\\n";73        $output .= 's' . $videoid . '.addVariable("CSSFile", "' . $site\_url . '/wp-content/plugins/freemind-wp-browser/mediaplayer/flashfreemind.css' . '");' . "\\n";74                $output .= 's' . $videoid . '.addVariable("openUrl", "\_blank");' . "\\n";75                $output .= 's' . $videoid . '.addVariable("startCollapsedToLevel","3");' . "\\n";76                $output .= 's' . $videoid . '.addVariable("maxNodeWidth","200");' . "\\n";77                $output .= 's' . $videoid . '.addVariable("mainNodeShape","elipse");' . "\\n";78                $output .= 's' . $videoid . '.addVariable("justMap","false");' . "\\n";79                $output .= 's' . $videoid . '.addVariable("initLoadFile","' . $arguments\['file'\] . '");' . "\\n";80                $output .= 's' . $videoid . '.addVariable("defaultToolTipWordWrap",200);' . "\\n";81                $output .= 's' . $videoid . '.addVariable("offsetX","left");' . "\\n";82                $output .= 's' . $videoid . '.addVariable("offsetY","top");' . "\\n";83                $output .= 's' . $videoid . '.addVariable("buttonsPos","top");' . "\\n";84                $output .= 's' . $videoid . '.addVariable("min\_alpha\_buttons",20);' . "\\n";85                $output .= 's' . $videoid . '.addVariable("max\_alpha\_buttons",100);' . "\\n";86                $output .= 's' . $videoid . '.addVariable("scaleTooltips","false");' . "\\n";878889        $output .= 's' . $videoid . '.write("video' . $videoid . '");' . "\\n";90        $output .= '</script>' . "\\n";9192        $videoid++;93        if(is\_feed()) {94                return $rss\_output;95        } else {96                return $output;97        }98}99100function FreemindAddPage() {101        add\_options\_page('Freemind Options', 'Freemind', '8', 'freemind-wp-browser.php', 'FreemindOptions');102}103104function FreemindOptions() {105        global $site\_url;106        $message \= '';107        $options \= get\_option('FreemindSettings');108        if ($\_POST) {109                if (isset($\_POST\['width'\])) {110                        $options\['width'\] \= $\_POST\['width'\];111                }112                if (isset($\_POST\['height'\])) {113                        $options\['height'\] \= $\_POST\['height'\];114                }115                116                update\_option('FreemindSettings', $options);117                $message \= '<div class="updated"><p>' . $options\['width'\] . 'x' . $options\['height'\] .'<strong>&nbsp; Options saved.</strong></p></div>';       118        }119        echo '<div class="wrap">';120        echo '<h2>Freemind Options</h2>';121        echo $message;122        echo '<form method="post" action="options-general.php?page=freemind-wp-browser.php">';123        echo "<p>Welcome to the Freemind WP Browser plugin options menu! Here you can set all width-height variables for your website.</p>";124        echo '<h3>Width-Height</h3>' . "\\n";125        echo '<table class="form-table">' . "\\n";126        echo '<tr><th scope="row">width</th><td>' . "\\n";127        echo '<input type="text" name="width" value="' . $options\['width'\] . '" />';128        echo '</td></tr>' . "\\n";129        echo '<tr><th scope="row">height</th><td>' . "\\n";130        echo '<input type="text" name="height" value="' . $options\['height'\] . '" />';131        echo '</td></tr>' . "\\n";132        echo '</table>' . "\\n";133134        echo '<p class="submit"><input class="button-primary" type="submit" method="post" value="Update Options"></p>';135        echo '</form>';136137138        echo '</div>';139}       140141function FreemindLoadDefaults() {142        $freemind\_preset \= array();143        $freemind\_preset\['width'\] \= '800';144        $freemind\_preset\['height'\] \= '400';145        return $freemind\_preset;146}147function FreemindMap\_head() {148        global $site\_url;149        echo '<script type="text/javascript" src="' . $site\_url . '/wp-content/plugins/freemind-wp-browser/swfobject.js"></script>' . "\\n";150}151152153function Freemind\_activate() {154        update\_option('FreemindSettings', FreemindLoadDefaults());155}156157register\_activation\_hook(\_\_FILE\_\_,'Freemind\_activate');158159function Freemind\_deactivate() {160        delete\_option('FreemindSettings');161}162163register\_deactivation\_hook(\_\_FILE\_\_,'Freemind\_deactivate');164165add\_action('wp\_head', 'FreemindMap\_head');166167// CONTENT FILTER168add\_filter('the\_content', 'FreemindMap\_Parse');169170add\_action('admin\_menu', 'FreemindAddPage');171172?>

CVE-2022-2443: freemind-wp-browser.php in freemind-wp-browser/trunk – WordPress Plugin Repository

Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,

Published:2022/12/19  Last Updated:2022/12/19

**Overview**

OMRON CX-Drive contains a use-after-free vulnerability.

**Products Affected**

*   CX-Drive V3.00 and earlier

To check the product names and versions, refer to the manual "CX-Drive Operation User's Manual (SBCE-375)" provided by the developer.

**Description**

CX-Drive provided by Omron Corporation contains a use-after-free vulnerability (CWE-416).

**Impact**

By having a user to open a specially crafted file, arbitrary code may be executed.

**Solution**

**Apply Workarounds**  
Applying the following workarounds may mitigate the impact of this vulnerability.  
For more information, refer to the information provided by the developer under \[Vendor Status\] section's \[Status (Vulnerable)\] page.

**Vendor Status**

Vendor

Status

Last Update

Vendor Notes

OMRON Corporation

Vulnerable

2022/12/19

**References**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector(AV)

Physical (P)

Local (L)

Adjacent (A)

Network (N)

Attack Complexity(AC)

High (H)

Low (L)

Privileges Required(PR)

High (H)

Low (L)

None (N)

User Interaction(UI)

Required (R)

None (N)

Scope(S)

Unchanged (U)

Changed (C)

Confidentiality Impact(C)

None (N)

Low (L)

High (H)

Integrity Impact(I)

None (N)

Low (L)

High (H)

Availability Impact(A)

None (N)

Low (L)

High (H)

**Credit**

Michael Heinzl reported this vulnerability to JPCERT/CC.  
JPCERT/CC coordinated with the developer.

**Other Information**

JPCERT Alert

  

JPCERT Reports

  

CERT Advisory

  

CPNI Advisory

  

TRnotes

  

CVE

CVE-2022-46282  

JVN iPedia

CVE-2022-46282: Use-after-free vulnerability in Omron CX-Drive

Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® EMA Software Advisory**

**Summary: **

A potential security vulnerability in the Intel® Endpoint Management Assistant (EMA) software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-30297

Description: Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 3.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

**Affected Products:**

Intel® EMA software before version 1.8.0.

**Recommendations:**

Intel recommends updating the Intel® EMA software to version 1.8.0 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19449

**Acknowledgements:**

This issue was found externally.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-30297: INTEL-SA-00716

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® DCM Advisory**

**Summary:**

A potential security vulnerability in the Intel® Data Center Manager (DCM) software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-33942

Description: Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

**Affected Products:**

Intel® DCM software before version 5.0.

**Recommendation:**

Intel recommends updating the Intel® DCM software to version 5.0 or later.

Updates are available for download at this location: https://www.intel.com/content/www/us/en/download/645992

**Acknowledgements:**

Intel would like to thank Julien Ahrens from RCE Security for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/08/2022

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-33942: INTEL-SA-00713

Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® EMA Software Advisory**

**Summary: **

A potential security vulnerability in the Intel® Endpoint Management Assistant (EMA) software may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability.  
 

**Vulnerability Details:**

CVEID: CVE-2022-38056

Description: Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access.

CVSS Base Score: 3.8 Low

**Affected Products:**

Intel® EMA software before version 1.8.1.0.  
 

**Recommendations:**

Intel recommends updating the Intel® EMA software to version 1.8.1.0 or later.

Updates are available for download at this location: https://www.intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html  
 

**Acknowledgements:**

This issue was found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.  

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-38056: INTEL-SA-00764

Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® SUR Software Advisory**

**Summary: **

A potential security vulnerability in the Intel® System Usage Report (SUR) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-40207

Description: Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score:  8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

**Affected Products:**

Intel® SUR software before version 2.4.8989.

**Recommendations:**

Intel recommends updating Intel® SUR software to version 2.4.8989 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19296

**Acknowledgements:**

Intel would like to thank Aobo Wang of Chaitin Security Research Lab for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-40207: INTEL-SA-00785

Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® EMA Software Advisory**

**Summary: **

A potential security vulnerability in the Intel® Endpoint Management Assistant (EMA) software may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-45128

Description: Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

**Affected Products:**

Intel® EMA software before version 1.9.0.0.

**Recommendations:**

Intel recommends updating the Intel® EMA software to version 1.9.0.0 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html

**Acknowledgements:**

Intel would like to thank Falcon Corruption @falconCorrup for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-45128: INTEL-SA-00797

Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® MacCPUID Software Advisory**

**Summary: **

A potential security vulnerability in the Intel® MacCPUID software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-27180

Description: Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 4.2 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

**Affected Products:**

Intel® MacCPUID software before version 3.2.

**Recommendations:**

Intel recommends updating Intel® MacCPUID software to version 3.2 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/674424/maccpuid.html

**Acknowledgements:**

Intel would like to thank Kang Ali for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-27180: INTEL-SA-00784

Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.

**All Features**

 

**Launch Hotel Booking Website**

Launch an attractive and user-friendly online hotel booking system in a few seconds

 

**Tax Management**

With QloApps Tax Management, you can manage all types of taxes easily and smoothly

 

**Partial Payment Booking**

Customers can book rooms with partial payment with the QloApps hotel management software

 

**Integrated Payment Gateway**

QloApps supports all the payment gateways. Paypal is integrated by default in QloApps hotel software

 

**Multiple Languages and Currencies**

QloApps supports multiple languages and currencies. You can attract customers from any part of the globe

 

**Instant Email Notification**

Engage and retain your customer by instant email notifications and by sending them regular updates

 

**Manage Offline Booking**

Not only online, with QloApps hotel booking software, you can also manage offline or on-desk bookings

 

**Search Engine Optimization**

SEO increases the visibility of your hotel booking website in search engines

QloApps have fascinating features that enhance the online booking system. All these features help to improve user experience. Check out more

View all Features

**Marketplace**

**Launch Marketplace**

Launch your hotel marketplace and work as an online travel agency and earn a commission.

**Get More Hoteliers**

The QloApps Marketplace allows you to add as many hoteliers as you want. Those hotelier can add any number of hotels with any number of rooms.

**Earn Commission**

You can apply a different commission rate for different sellers. Then on their successful bookings earn your desired commission.

> Convert your hotel website into a marketplace of hotels and work as an online travel agency (OTA). Allow multiple vendors, hoteliers or property owners to list their properties/ hotels on your website and earn commission on their bookings.
> 
> Read More

**Add-Ons/Extensions**

Explore all the QloApps add-ons and find the best that suits your needs. Here you will find all the addons from the QloApps team.

QloApps PayPal Checkout

Allow your users to make online payments via the PayPal payment gateway. Your website users will be able to make payments to book rooms via Debit Cards, Credit Cards and PayPal accounts.

Know more

QloApps Hotel Virtual Tour

Allow your users to visit your property virtually. This addon will create a virtual tour of your hotel property so that the user can interact with it and checkout your hotel before booking it.

Know more

QloApps Front Desk System

Add a calendar to your dashboard with all booking information. This add-on will allow the admin to keep an eye on his bookings, check-ins, and check-outs from a single interface at the backend. The admin can also create a booking.

Know more

QloApps Tours and Packages

Sell tours and packages from your website. This addon will add the capability to create tours with full itenery and take the booking for the whole package. This addon will add a new dimension to your hotel business.

Know more

QloApps AMP(Accelerated Mobile Pages)

Create AMP pages of your hotel booking website. QloApps AMP is very vital for your website's SEO and overall user experience. It will decrease the load time while maintaining the performance.

Know more

QloApps Advanced Progressive Web App

Get the functionality of web app and push notifications. QloApps PWA will allow your users to install the web app of your website on their desktop and mobile devices. It will also give you the option to send 5 different types of notifications.

Know more

QloApps GDPR Compliance

Comply with new regulations: GDPR & European Union cookie law and ensures your customers of data protection. You can allow your customers to update or delete their personal data present on the website whenever they want.

Know more

QloApps Marketplace

Convert your website into a marketplace of hotels and launch your Online Travel Agency. Admin can grant access to Sellers/Hoteliers to add and sell hotel rooms and earn a commission for bookings made by customers through the website.

Know more

QloApps Myallocator Connector

Seamlessly connects QloApps with Myallocator channel manager to synchronize room inventory and rates of room types for various hotel properties.

Know more

We have multiple add-ons that help to increase the functionality of the online hotel reservation system. Check out the QloApps addon

View all Add-Ons

**Channel Manager**

> With QloApps Channel Manager you will be able to synchronize all your hotel listings from a single platform. Syncronize your rates, inventories, and bookings to avoid under bookings, overbookings and price mismanagement.
> 
> Read More

**Multi Channel  
Integration**

Our channel manager is integrated with multiple online travel agencies for centralized data management.

**Manage Prices & Inventory**

Update Prices and Room Inventory across various online travel agencies (OTAs) through single platform in real time.

**Manage Channels  
Bookings**

Inventories are managed on all channels when booking comes from any channel to avoid overbookings.

**Manage Multiple  
Hotels**

Our Channel Manager provides you an intuitive user-friendly Interface to easily manage multiple hotels.

**Cloud Hosting**

Host your QloApps hotel website on world's best Cloud Infrastructure Provider AWS (Amazon Web Services) and get 1 Year Free Hosting services Under AWS free tier plan. You also have the option to host your hotel website on GCP (Google Cloud Platform)

Secure System for your hotel booking website

Increase number of bookings with faster service

**Our Partners**

A single effort may fail but a collective effort is the guarantee of success. Your contribution can be of great significance. Our partnership should aim the mutual benefits and the benefit of the community. So let us make the Hospitality Industry great together.

BECOME A PARTNER

**Contribution to Open Web**

Community contributions are the heart of any open-source project's success. QloApps is a free hotel management software and a true open-source project serving the hotel industry. We invite you to make contributions to QloApps so that we can together serve the cause.

**We Got Featured !**

QloApps got mentioned and listed on various platforms. You can find us here.

**What our clients think about us!**

Meet our valuable clients and learn about their experiences with us.

**Pamela Payne**

“We are very satisfied with the flexibility of additional implementation and raw design for our esoteric and untried ideas of QloApps. We enjoy the time that our account manager spends to further explain capabilities and creative solutions. Bahayan is building a complete system with WebKul and QloApps with a good amount of ease and a great deal of cost savings.”

**Amir Atzmoni**

“We have been working with QloApps since 2019 on unique IT project. Their expertise and professionalism were evident throughout the development cycle, and we were very pleased with the final product. We have already completed two major releases with QloApps and are delighted with their services. They have shown enormous skill and vast domain knowledge and their IT expertise is reliable and trustworthy. We would recommend QloApps to anyone looking for quality IT and development services, delivered in a professional manner.”

**Josef Rufuma**

“I would like to say thank you for your good effort and support we have been receiving when working on our e commence software. when we request for support we receive the reply from you within hours and we receive a technical solution within hours or few days. your staff are very friendly to us.we look forward to continue working with you on our project. We thank you for the incredible services and amazing customer support you provide to us.”

**Juliane Drevitson**

“We've had a very positive experience so far with QloApps. Our project is a very complex one involving tons of modifications that are required to accommodate our unique business model and we feel that the reps have taken the time to really understand our business in order to customize the website to meet our needs. QloApps seems to be very flexible and user friendly which is why we are excited to begin using it!”

**Shai Diai**

“We thank QloApps for the wonderful job in helping us develop our program. Everyone was professional, excellent and hard working. Thanks to them, we were able to achieve our goal on time, and we look forward to continuing working with them in the future. ”

**Manoj Singh**

“It has been a positive experience to work with QloApps. It has turned out to be the most suitable match for our requirements. With a few customizations, we have been able to use QloApps to tailor-fit to our needs. I feel confident that the customized QloApps will deliver the value we are seeking from this solution.”

**To know how hotel management software is beneficial for you watch this video**

Watch Our Teaser Video

**Feature Suggestion**

Our aim is to help our users to attain what they desire. So we like to hear it from you. Please suggest a feature which you feel should be there in QloApps.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us