CVE-2022-48367
CRITICALibexa digital_experience_platform 3.3.0-3.3.17 - Missing Authorization
Title source: llmDescription
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
References (2)
Core 2
Scores
CVSS v3
9.8
EPSS
0.0072
EPSS Percentile
49.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (6)
ezsystems/ezpublish-kernel
7.5.0 - 7.5.28Packagist
ibexa/digital_experience_platform
3.3.0 - 3.3.18
ibexa/ez_platform_kernel
1.3.0 - 1.3.17
ibexa/ezplatform-http-cache-fastly
1.1.0 - 1.1.9
ibexa/fastly
4.0.0 - 4.0.5
ibexa/kernel
4.0.0 - 4.0.7
Published
Mar 12, 2023
Tracked Since
Feb 18, 2026