Ez Platform Kernel

ez_platform_kernel

Vendor: Ibexa • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-48367 1Ibexa 5Digital Experience Platform Ez Platform KernelEzplatform Http Cache Fastly+2 more Mar 4, 2025 Mar 12, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
CVE-2022-48366 1Ibexa 7Commerce Digital Experience PlatformEz Platform+4 more Mar 4, 2025 Mar 12, 2023 N/A· v4 3.7 LOW· v3 N/A· v2 An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
CVE-2022-48365 1Ibexa 3Digital Experience Platform Ez PlatformEz Platform Kernel Mar 4, 2025 Mar 12, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
CVE-2021-46876 1Ibexa 1Ez Platform Kernel Mar 5, 2025 Mar 12, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
CVE-2021-46875 1Ibexa 1Ez Platform Kernel Mar 4, 2025 Mar 12, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
CVE-2022-25337 1Ibexa 1Ez Platform Kernel Nov 21, 2024 Feb 18, 2022 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
CVE-2022-25336 1Ibexa 1Ez Platform Kernel Nov 21, 2024 Feb 18, 2022 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.