CVE-2022-48365: Improper Privilege Management in Digital Experience Platform

Severity
7.2 HIGH (NVD)
EPSS
0.7%
top 28.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 12

Description

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (5 packages)

NVD  ibexa/ez_platform_kernel  1.3.0  1.3.26  +1
NVD  ibexa/ez_platform  2.5.0  2.5.31
Packagist  ezsystems/ezplatform-kernel  1.3.0  1.3.26
NVD  ibexa/digital_experience_platform  3.3.0  3.3.28  +1
Packagist  ezsystems/ezpublish-kernel  7.5.0  7.5.30

Patches

Vulnerability Details (2)

GHSA
Company admin role gives excessive privileges in eZ Platform Ibexa (2023-03-12)
OSV
Company admin role gives excessive privileges in eZ Platform Ibexa (2023-03-12)