← Back

CVE-2022-48365

nvd nist
Published: Mar 12, 2023Modified: Mar 4, 2025

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.

Affected (5)

Ibexa
3 products
Digital Experience Platform
Ez Platform
Ez Platform Kernel
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Ibexa
Digital Experience Platform
From 3.3.0 to 3.3.28
Digital Experience Platform
From 4.2.0 to 4.2.3
Ez Platform
From 2.5.0 to 2.5.31
Ibexa
Ez Platform Kernel
From 1.3.0 to 1.3.26
Ez Platform Kernel
From 7.5.0 to 7.5.30

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (8)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.