Insecure Direct Object Reference Vulnerability in Ibexa DXP by Ibexa
CVE-2022-25336

5.3MEDIUM

Key Information:

Vendor: Ibexa
Status: Ez Platform Kernel
Vendor: CVE Published:; 18 February 2022

What is CVE-2022-25336?

The vulnerability in Ibexa DXP allows attackers to exploit Insecure Direct Object Reference (IDOR) issues against image files. This occurs due to predictable image paths and filenames, which can be easily deduced. Attackers can leverage this flaw to access unauthorized files, compromising the security of the affected systems. Users are encouraged to review their implementations and update to the latest secured versions to mitigate this risk.

References

https://developers.ibexa.co/security-advisories/ibexa-sa-...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Feb 18, 2022