Ibexa Digital Experience Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Ibexa Digital Experience Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-48367 — CVSS 9.8 (critical): An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
CVE-2022-48365 — CVSS 7.2 (high): An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
CVE-2022-48366 — CVSS 3.7 (low): An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.