Vulnerability Database

296,489

Total vulnerabilities in the database

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.

Published: Mar 12, 2023
Updated: May 9, 2024
CVE: CVE-2022-48366
GHSA: GHSA-66m4-gc8h-hpjx
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.7
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
ibexa / commerce	4.1.0	4.1.4
ibexa / commerce	4.0.0	4.0.7
ibexa / commerce	3.3.0	3.3.18
ibexa / commerce	2.5.0	2.5.13
ibexa / jmspaymentcorebundle	3.0.0	3.0.2
ibexa / ezplatform-page-builder	2.3.0	2.3.19
ibexa / ezplatform-page-builder	1.3.0	1.3.27
ibexa / ez_platform_kernel	1.3.0	1.3.19
ibexa / ez_platform_kernel	7.5.0	7.5.29
ibexa / digital_experience_platform	4.1.0	4.1.4
ibexa / digital_experience_platform	4.0.0	4.0.7
ibexa / digital_experience_platform	3.3.0	3.3.20
ibexa / ez_platform	-	2.5.30
ibexa / kernel	4.1.0	4.1.4
ibexa / kernel	4.0.0	4.0.7
ezsystems / ezplatform-kernel	1.3.0	1.3.19
ezsystems / ezpublish-kernel	7.5.0	7.5.29

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime