Known Vulnerabilities for products from Ibexa
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Ibexa".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-70363 json | Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attac... | Not Provided | 2026-03-06 | 2026-07-05 |
| CVE-2022-48367 json | An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. | 9.8 - CRITICAL | 2023-03-12 | 2023-08-08 |
| CVE-2022-48366 json | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attac... | 3.7 - LOW | 2023-03-12 | 2023-03-16 |
| CVE-2022-48365 json | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges. | 7.2 - HIGH | 2023-03-12 | 2023-03-16 |
| CVE-2022-41876 json | ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.1... | 5.3 - MEDIUM | 2022-11-10 | 2022-11-15 |
| CVE-2022-25337 json | Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames... | 9.8 - CRITICAL | 2022-02-18 | 2022-03-03 |
| CVE-2022-25336 json | Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDO... | 5.3 - MEDIUM | 2022-02-18 | 2023-08-08 |
| CVE-2021-46876 json | An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine ac... | 5.3 - MEDIUM | 2023-03-12 | 2023-03-16 |
| CVE-2021-46875 json | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be up... | 6.1 - MEDIUM | 2023-03-12 | 2023-03-16 |
| CVE-2020-23065 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2023-06-26 | 2023-07-04 |