Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
21 vulnerabilities found for ez_platform_kernel by ibexa
FKIE_CVE-2022-48367
Vulnerability from fkie_nvd - Published: 2023-03-12 05:15 - Updated: 2025-03-04 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibexa | digital_experience_platform | * | |
| ibexa | digital_experience_platform | * | |
| ibexa | digital_experience_platform | * | |
| ibexa | ezplatform-http-cache-fastly | * | |
| ibexa | ezplatform-http-cache-fastly | * | |
| ibexa | fastly | * | |
| ibexa | fastly | * | |
| ibexa | ez_platform_kernel | * | |
| ibexa | ez_platform_kernel | * | |
| ibexa | kernel | * | |
| ibexa | kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3F99D70-058B-42AA-BFC5-2808A8A184BE",
"versionEndExcluding": "3.3.18",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2716B2A6-DA8E-4173-831A-550EADA494B6",
"versionEndExcluding": "4.0.5",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8561A2C-AA69-4DF3-BF79-7D61C4E3A8A3",
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:ezplatform-http-cache-fastly:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B49D6881-F323-4187-B870-904C174CC368",
"versionEndExcluding": "1.1.9",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:ezplatform-http-cache-fastly:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E70CCBF-647E-4889-9EC3-BEB69477C0D6",
"versionEndExcluding": "2.0.11",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:fastly:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25CBD47-FB4B-4A36-ACC5-901244F3BAD0",
"versionEndExcluding": "4.0.5",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:fastly:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0242756-34D0-427E-97FE-7709856CAE84",
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87150525-9CD6-4035-A137-2CCFDD6182A7",
"versionEndExcluding": "1.3.17",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE097092-E293-4673-865F-6D274FE0F59A",
"versionEndExcluding": "7.5.28",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577C3DF2-1471-43C1-9242-D70EDDBA7216",
"versionEndExcluding": "4.0.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C28202-AFB4-4313-9FE8-017B8676A6CD",
"versionEndExcluding": "4.1.4",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled."
}
],
"id": "CVE-2022-48367",
"lastModified": "2025-03-04T17:15:11.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-12T05:15:12.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-48366
Vulnerability from fkie_nvd - Published: 2023-03-12 05:15 - Updated: 2025-03-04 17:15
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibexa | commerce | * | |
| ibexa | commerce | * | |
| ibexa | commerce | * | |
| ibexa | commerce | * | |
| ibexa | digital_experience_platform | * | |
| ibexa | digital_experience_platform | * | |
| ibexa | digital_experience_platform | * | |
| ibexa | ez_platform | * | |
| ibexa | ezplatform-page-builder | * | |
| ibexa | ezplatform-page-builder | * | |
| ibexa | jmspaymentcorebundle | * | |
| ibexa | ez_platform_kernel | * | |
| ibexa | ez_platform_kernel | * | |
| ibexa | kernel | * | |
| ibexa | kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD5846-A337-4DB0-AD4B-D5AC43374574",
"versionEndExcluding": "2.5.13",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C615105-3898-4F5D-A471-4A17D9D4C40E",
"versionEndExcluding": "3.3.18",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22CC127A-FCF6-42E5-8657-40D6D6BA407A",
"versionEndExcluding": "4.0.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6462C1-26C6-4550-8970-0D87B0085B1A",
"versionEndExcluding": "4.1.4",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0E126E-6CC0-4B4F-8EDA-8A8654122B75",
"versionEndExcluding": "3.3.20",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E90F8A-62F4-427E-870A-7FE120226F86",
"versionEndExcluding": "4.0.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47D91FC1-5677-44BB-A290-1F8B310DADE5",
"versionEndExcluding": "4.1.4",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:ez_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC59878-0F30-434C-9542-8742237543AD",
"versionEndExcluding": "2.5.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:ezplatform-page-builder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7924253B-4EC8-4E91-8400-2109825A8D70",
"versionEndExcluding": "1.3.27",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:ezplatform-page-builder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA57C-E7EF-4F67-AAB6-1256AC3F1C43",
"versionEndExcluding": "2.3.19",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:jmspaymentcorebundle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E312E42-DE15-487B-A5AA-1A1B1666AAC2",
"versionEndExcluding": "3.0.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E43724-FEF5-4817-870E-48D15BA73EC4",
"versionEndExcluding": "1.3.19",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E1DD8D-84A4-49E1-B50D-10AA1B4871EF",
"versionEndExcluding": "7.5.29",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577C3DF2-1471-43C1-9242-D70EDDBA7216",
"versionEndExcluding": "4.0.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C28202-AFB4-4313-9FE8-017B8676A6CD",
"versionEndExcluding": "4.1.4",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack."
}
],
"id": "CVE-2022-48366",
"lastModified": "2025-03-04T17:15:10.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-12T05:15:12.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-46875
Vulnerability from fkie_nvd - Published: 2023-03-12 05:15 - Updated: 2025-03-04 22:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibexa | ez_platform_kernel | * | |
| ibexa | ez_platform_kernel | * | |
| ibexa | ez_platform_kernel | * | |
| ibexa | ez_platform_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "237B12CD-4231-44F8-9D08-3BC51AB4F39F",
"versionEndExcluding": "1.2.5.1",
"versionStartIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C02E22F2-C991-4B78-BCC3-5E93D4628E59",
"versionEndExcluding": "1.3.1.1",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECE90FB-A298-4B00-A986-31B1027B5D22",
"versionEndExcluding": "6.13.8.2",
"versionStartIncluding": "6.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBAD7F43-AC2B-45CD-B041-DDB4F84B4A51",
"versionEndExcluding": "7.5.15.2",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file."
}
],
"id": "CVE-2021-46875",
"lastModified": "2025-03-04T22:15:35.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-12T05:15:11.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-46876
Vulnerability from fkie_nvd - Published: 2023-03-12 05:15 - Updated: 2025-03-05 17:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibexa | ez_platform_kernel | * | |
| ibexa | ez_platform_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D5472C5-EE58-482A-ADE4-BBB88926B151",
"versionEndExcluding": "6.13.8.1",
"versionStartIncluding": "6.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A805C9F-9CF9-48EA-89BA-06BA45E9106A",
"versionEndExcluding": "7.5.15.1",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence."
}
],
"id": "CVE-2021-46876",
"lastModified": "2025-03-05T17:15:11.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-12T05:15:11.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-48365
Vulnerability from fkie_nvd - Published: 2023-03-12 05:15 - Updated: 2025-03-04 21:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibexa | digital_experience_platform | * | |
| ibexa | digital_experience_platform | * | |
| ibexa | ez_platform | * | |
| ibexa | ez_platform_kernel | * | |
| ibexa | ez_platform_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D648A2C-784A-4304-A7FA-A96AF7B34D62",
"versionEndExcluding": "3.3.28",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B890D90-B618-458C-8159-B2509CC05010",
"versionEndExcluding": "4.2.3",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:ez_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72BDEA-0D21-4A6F-BFD0-93CF1B9F1425",
"versionEndExcluding": "2.5.31",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "540AA072-D80B-4B6B-8992-92F50832B4B8",
"versionEndExcluding": "1.3.26",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "987F0089-4E02-4EF4-818C-ECCB35133D69",
"versionEndExcluding": "7.5.30",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges."
}
],
"id": "CVE-2022-48365",
"lastModified": "2025-03-04T21:15:11.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-12T05:15:11.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-25337
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:52
Severity ?
Summary
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibexa | ez_platform_kernel | * | |
| ibexa | ez_platform_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B952CD1C-CBDA-4AB3-8C14-E847A661A6C6",
"versionEndExcluding": "1.3.12",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "613E9544-8075-453C-9E50-E01CDB5AAF6E",
"versionEndExcluding": "7.5.26",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames."
},
{
"lang": "es",
"value": "Ibexa DXP ezsystems/ezpublish-kernel versiones 7.5.x anteriores a 7.5.26 y versiones 1.3.x anteriores a 1.3.12, permite ataques de inyecci\u00f3n por medio de nombres de archivos de im\u00e1genes"
}
],
"id": "CVE-2022-25337",
"lastModified": "2024-11-21T06:52:01.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:13.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-25336
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:52
Severity ?
Summary
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibexa | ez_platform_kernel | * | |
| ibexa | ez_platform_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B952CD1C-CBDA-4AB3-8C14-E847A661A6C6",
"versionEndExcluding": "1.3.12",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "613E9544-8075-453C-9E50-E01CDB5AAF6E",
"versionEndExcluding": "7.5.26",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced."
},
{
"lang": "es",
"value": "Ibexa DXP ezsystems/ezpublish-kernel versiones 7.5.x anteriores a 7.5.26 y versiones 1.3.x anteriores a 1.3.12, permite ataques de Referencia Directa a Objetos Insegura (IDOR) contra archivos de imagen porque la ruta de la imagen y el nombre del archivo pueden ser deducidos correctamente"
}
],
"id": "CVE-2022-25336",
"lastModified": "2024-11-21T06:52:01.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:13.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-46875 (GCVE-0-2021-46875)
Vulnerability from cvelistv5 – Published: 2023-03-12 00:00 – Updated: 2025-03-04 21:15
VLAI?
Summary
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T21:15:05.649442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T21:15:50.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46875",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-04T21:15:50.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48366 (GCVE-0-2022-48366)
Vulnerability from cvelistv5 – Published: 2023-03-12 00:00 – Updated: 2025-03-04 16:54
VLAI?
Summary
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T16:53:33.539529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T16:54:22.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"
},
{
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48366",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-04T16:54:22.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46876 (GCVE-0-2021-46876)
Vulnerability from cvelistv5 – Published: 2023-03-12 00:00 – Updated: 2025-03-05 16:44
VLAI?
Summary
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T16:41:54.345463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:44:45.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46876",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-05T16:44:45.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48365 (GCVE-0-2022-48365)
Vulnerability from cvelistv5 – Published: 2023-03-12 00:00 – Updated: 2025-03-04 20:44
VLAI?
Summary
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:32:41.764029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:44:16.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab"
},
{
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g"
},
{
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48365",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-04T20:44:16.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48367 (GCVE-0-2022-48367)
Vulnerability from cvelistv5 – Published: 2023-03-12 00:00 – Updated: 2025-03-04 16:52
VLAI?
Summary
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T16:52:00.491544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T16:52:08.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48367",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-04T16:52:08.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25336 (GCVE-0-2022-25336)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:49 – Updated: 2024-08-03 04:36
VLAI?
Summary
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:49:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization",
"refsource": "MISC",
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25336",
"datePublished": "2022-02-18T17:49:08.000Z",
"dateReserved": "2022-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25337 (GCVE-0-2022-25337)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:48 – Updated: 2024-08-03 04:36
VLAI?
Summary
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:48:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization",
"refsource": "MISC",
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25337",
"datePublished": "2022-02-18T17:48:48.000Z",
"dateReserved": "2022-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46875 (GCVE-0-2021-46875)
Vulnerability from nvd – Published: 2023-03-12 00:00 – Updated: 2025-03-04 21:15
VLAI?
Summary
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T21:15:05.649442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T21:15:50.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46875",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-04T21:15:50.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48366 (GCVE-0-2022-48366)
Vulnerability from nvd – Published: 2023-03-12 00:00 – Updated: 2025-03-04 16:54
VLAI?
Summary
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T16:53:33.539529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T16:54:22.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"
},
{
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48366",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-04T16:54:22.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46876 (GCVE-0-2021-46876)
Vulnerability from nvd – Published: 2023-03-12 00:00 – Updated: 2025-03-05 16:44
VLAI?
Summary
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T16:41:54.345463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:44:45.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46876",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-05T16:44:45.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48365 (GCVE-0-2022-48365)
Vulnerability from nvd – Published: 2023-03-12 00:00 – Updated: 2025-03-04 20:44
VLAI?
Summary
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
Severity ?
7.2 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:32:41.764029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:44:16.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab"
},
{
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g"
},
{
"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48365",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-04T20:44:16.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48367 (GCVE-0-2022-48367)
Vulnerability from nvd – Published: 2023-03-12 00:00 – Updated: 2025-03-04 16:52
VLAI?
Summary
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T16:52:00.491544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T16:52:08.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge"
},
{
"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-48367",
"datePublished": "2023-03-12T00:00:00.000Z",
"dateReserved": "2023-03-12T00:00:00.000Z",
"dateUpdated": "2025-03-04T16:52:08.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25336 (GCVE-0-2022-25336)
Vulnerability from nvd – Published: 2022-02-18 17:49 – Updated: 2024-08-03 04:36
VLAI?
Summary
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:49:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization",
"refsource": "MISC",
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25336",
"datePublished": "2022-02-18T17:49:08.000Z",
"dateReserved": "2022-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25337 (GCVE-0-2022-25337)
Vulnerability from nvd – Published: 2022-02-18 17:48 – Updated: 2024-08-03 04:36
VLAI?
Summary
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:48:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization",
"refsource": "MISC",
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25337",
"datePublished": "2022-02-18T17:48:48.000Z",
"dateReserved": "2022-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}