CVE-2022-48366

Published Mar 12, 2023

Last updated 2 years ago

CVSS low 3.7

Overview

Description: An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 3.7
Impact score: 1.4
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

nvd@nist.gov: CWE-362

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99BD5846-A337-4DB0-AD4B-D5AC43374574",
            "versionEndExcluding": "2.5.13",
            "versionStartIncluding": "2.5.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C615105-3898-4F5D-A471-4A17D9D4C40E",
            "versionEndExcluding": "3.3.18",
            "versionStartIncluding": "3.3.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22CC127A-FCF6-42E5-8657-40D6D6BA407A",
            "versionEndExcluding": "4.0.7",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB6462C1-26C6-4550-8970-0D87B0085B1A",
            "versionEndExcluding": "4.1.4",
            "versionStartIncluding": "4.1.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF0E126E-6CC0-4B4F-8EDA-8A8654122B75",
            "versionEndExcluding": "3.3.20",
            "versionStartIncluding": "3.3.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41E90F8A-62F4-427E-870A-7FE120226F86",
            "versionEndExcluding": "4.0.7",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47D91FC1-5677-44BB-A290-1F8B310DADE5",
            "versionEndExcluding": "4.1.4",
            "versionStartIncluding": "4.1.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:ez_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FC59878-0F30-434C-9542-8742237543AD",
            "versionEndExcluding": "2.5.30"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:ezplatform-page-builder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7924253B-4EC8-4E91-8400-2109825A8D70",
            "versionEndExcluding": "1.3.27",
            "versionStartIncluding": "1.3.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:ezplatform-page-builder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D87DA57C-E7EF-4F67-AAB6-1256AC3F1C43",
            "versionEndExcluding": "2.3.19",
            "versionStartIncluding": "2.3.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:jmspaymentcorebundle:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E312E42-DE15-487B-A5AA-1A1B1666AAC2",
            "versionEndExcluding": "3.0.2",
            "versionStartIncluding": "3.0.0"
          },
          {
            "criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E43724-FEF5-4817-870E-48D15BA73EC4",
            "versionEndExcluding": "1.3.19",
            "versionStartIncluding": "1.3.0"
          },
          {
            "criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2E1DD8D-84A4-49E1-B50D-10AA1B4871EF",
            "versionEndExcluding": "7.5.29",
            "versionStartIncluding": "7.5.0"
          },
          {
            "criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "577C3DF2-1471-43C1-9242-D70EDDBA7216",
            "versionEndExcluding": "4.0.7",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7C28202-AFB4-4313-9FE8-017B8676A6CD",
            "versionEndExcluding": "4.1.4",
            "versionStartIncluding": "4.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References