CVE-2022-48367Missing Authorization in Digital Experience Platform

CWE-862Missing Authorization3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 39.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Ibexa Digital Experience PlatformIbexa EZ Platform KernelIbexa Ezplatform-http-cache-fastly+3 more
Timeline
PublishedMar 12

Description

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

NVDibexa/kernel4.0.04.0.7+1
NVDibexa/ez_platform_kernel1.3.01.3.17+1
Packagistezsystems/ezpublish-kernel7.5.07.5.28
NVDibexa/fastly4.0.04.0.5+1
NVDibexa/digital_experience_platform3.3.03.3.18+2

🔴Vulnerability Details

2
OSV
Access control issue in ezsystems/ezpublish-kernel2023-03-12
GHSA
Access control issue in ezsystems/ezpublish-kernel2023-03-12