CVE-2022-48367

Published Mar 12, 2023

Last updated a year ago

CVSS critical 9.8

Overview

Description: An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3F99D70-058B-42AA-BFC5-2808A8A184BE",
            "versionEndExcluding": "3.3.18",
            "versionStartIncluding": "3.3.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2716B2A6-DA8E-4173-831A-550EADA494B6",
            "versionEndExcluding": "4.0.5",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8561A2C-AA69-4DF3-BF79-7D61C4E3A8A3",
            "versionEndExcluding": "4.1.2",
            "versionStartIncluding": "4.1.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:ezplatform-http-cache-fastly:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B49D6881-F323-4187-B870-904C174CC368",
            "versionEndExcluding": "1.1.9",
            "versionStartIncluding": "1.1.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:ezplatform-http-cache-fastly:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E70CCBF-647E-4889-9EC3-BEB69477C0D6",
            "versionEndExcluding": "2.0.11",
            "versionStartIncluding": "2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:fastly:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B25CBD47-FB4B-4A36-ACC5-901244F3BAD0",
            "versionEndExcluding": "4.0.5",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibexa:fastly:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0242756-34D0-427E-97FE-7709856CAE84",
            "versionEndExcluding": "4.1.2",
            "versionStartIncluding": "4.1.0"
          },
          {
            "criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87150525-9CD6-4035-A137-2CCFDD6182A7",
            "versionEndExcluding": "1.3.17",
            "versionStartIncluding": "1.3.0"
          },
          {
            "criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE097092-E293-4673-865F-6D274FE0F59A",
            "versionEndExcluding": "7.5.28",
            "versionStartIncluding": "7.5.0"
          },
          {
            "criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "577C3DF2-1471-43C1-9242-D70EDDBA7216",
            "versionEndExcluding": "4.0.7",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7C28202-AFB4-4313-9FE8-017B8676A6CD",
            "versionEndExcluding": "4.1.4",
            "versionStartIncluding": "4.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References