3 matches found
CVE-2022-48367
An issue in eZ Publish Ibexa Kernel prior to 7.5.28 permits improper access control based on object state, leading to potential unauthorized access. CVSS v3.1 base score 9.8 (CRITICAL); attack vector NETWORK, no user interaction. A remediation is to upgrade to 7.5.28 or later per the associated a...
CVE-2022-48365
The CVE-2022-48365 issue affects eZ Platform Ibexa Kernel before 1.3.26, where the Company admin role grants excessive privileges. Impact includes elevated access to perform actions that should be restricted. The vulnerability is rooted in improper privilege management for the admin role, allowin...
CVE-2022-48366
CVE-2022-48366 affects eZ Platform Ibexa Kernel prior to 1.3.19, enabling an attacker to determine whether an account exists via a timing attack (remote, no auth, no user interaction). The CVSS v3.1 vector indicates network access, high attack complexity, and no privileges required, with a low co...