7.2
CVE-2022-48365
- EPSS 0.86%
- Veröffentlicht 12.03.2023 05:15:11
- Zuletzt bearbeitet 04.03.2025 21:15:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibexa ≫ Digital Experience Platform Version >= 3.3.0 < 3.3.28
Ibexa ≫ Digital Experience Platform Version >= 4.2.0 < 4.2.3
Ibexa ≫ Ez Platform Version >= 2.5.0 < 2.5.31
Ibexa ≫ Ez Platform Kernel Version >= 1.3.0 < 1.3.26
Ibexa ≫ Ez Platform Kernel Version >= 7.5.0 < 7.5.30
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.538 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab
https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g