GCVE - cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Ibexa (`a665ceae-5f4f-5036-b1ae-3820f5497dfc`)
Product	Ez Platform Kernel (`6d7ea003-c160-544f-9bd9-d535288529cd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:composer/ezsystems/ezplatform-core`	purl2cpe	2026-06-01 10:15:04.323562
`pkg:github/ezsystems/ezplatform-core`	purl2cpe	2026-06-01 10:15:04.323564

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-48367`	vulnerable	2026-06-03 14:48:33.454002	Details available An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-04T16:52:08.394Z Open on db.gcve.eu Reference links https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48366`	vulnerable	2026-06-03 14:48:33.450575	Details available An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-04T16:54:22.053Z Open on db.gcve.eu Reference links https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94 https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48365`	vulnerable	2026-06-03 14:48:33.447344	Details available An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-04T20:44:16.171Z Open on db.gcve.eu Reference links https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-46876`	vulnerable	2026-06-03 14:45:46.113628	Details available An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-05T16:44:45.468Z Open on db.gcve.eu Reference links https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-46875`	vulnerable	2026-06-03 14:45:46.113206	Details available An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-04T21:15:50.044Z Open on db.gcve.eu Reference links https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.