GCVE - cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Ibexa (`a665ceae-5f4f-5036-b1ae-3820f5497dfc`)
Product	Kernel (`43d83e9c-40e6-5909-8b10-b87b88a3737b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:composer/ibexa/core`	purl2cpe	2026-06-01 10:15:04.372263
`pkg:github/ibexa/core`	purl2cpe	2026-06-01 10:15:04.372265

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-48367`	vulnerable	2026-06-03 14:48:33.454027	Details available An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-04T16:52:08.394Z Open on db.gcve.eu Reference links https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48366`	vulnerable	2026-06-03 14:48:33.451311	Details available An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-04T16:54:22.053Z Open on db.gcve.eu Reference links https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94 https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.