GCVE - cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ibexa (`a665ceae-5f4f-5036-b1ae-3820f5497dfc`)
Product	Digital Experience Platform (`83314dc2-06ef-5c3d-a12e-9ee58b9209bb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-26268`	vulnerable	2026-06-03 14:55:15.500397	Details available MEDIUM (5.3) User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time. Published: 2024-02-20T13:17:28.137Z Updated: 2024-08-15T17:50:15.783Z Open on db.gcve.eu Reference links https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48367`	vulnerable	2026-06-03 14:48:33.451802	Details available An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-04T16:52:08.394Z Open on db.gcve.eu Reference links https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48366`	vulnerable	2026-06-03 14:48:33.448709	Details available An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-04T16:54:22.053Z Open on db.gcve.eu Reference links https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94 https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48365`	vulnerable	2026-06-03 14:48:33.446265	Details available An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges. Published: 2023-03-12T00:00:00.000Z Updated: 2025-03-04T20:44:16.171Z Open on db.gcve.eu Reference links https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.