Exposure of Resource to Wrong Sphere

CVE-2022-25336

Severity Medium
Score 5.3/10

Summary

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and ezsystems/ezplatform-kernel 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Advisory Timeline

  • Published