CVE-2022-48366: Race Condition in Commerce

CWE-362 Race Condition | 3 documents | 3 sources
Severity: 3.7 LOW (NVD)
EPSS: 0.2% (top 54.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 12

Description

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (9 packages)

NVD | ibexa/ez_platform_kernel | 1.3.0 | 1.3.19 | +1
NVD | ibexa/kernel | 4.0.0 | 4.0.7 | +1
NVD | ibexa/ez_platform | < 2.5.30
Packagist | ezsystems/ezplatform-kernel | 1.3.0 | 1.3.19
NVD | ibexa/ezplatform-page-builder | 1.3.0 | 1.3.27 | +1

🔴 Vulnerability Details (2)

GHSA: Timing attack in eZ Platform Ibexa (2023-03-12)
OSV: Timing attack in eZ Platform Ibexa (2023-03-12)