VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-jjry-usfr-dqfy

Essentials
Severities (17)
References (7)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jjry-usfr-dqfy
Aliases	CVE-2022-48366 GHSA-66m4-gc8h-hpjx
Summary	An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
Status	Published
Exploitability	0.5
Weighted Severity	3.3
Risk	1.6
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.0023	https://api.first.org/data/v1/epss?cve=CVE-2022-48366
epss	0.0023	https://api.first.org/data/v1/epss?cve=CVE-2022-48366
epss	0.0023	https://api.first.org/data/v1/epss?cve=CVE-2022-48366
cvssv3.1	3.7	https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
generic_textual	LOW	https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
ssvc	Track	https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-66m4-gc8h-hpjx
cvssv3.1	3.7	https://github.com/ezsystems/ezplatform-kernel
generic_textual	LOW	https://github.com/ezsystems/ezplatform-kernel
cvssv3.1	3.7	https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
generic_textual	LOW	https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
ssvc	Track	https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
cvssv3.1	3.7	https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
generic_textual	LOW	https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
ssvc	Track	https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
cvssv3.1	3.7	https://nvd.nist.gov/vuln/detail/CVE-2022-48366
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2022-48366

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-48366
		https://github.com/ezsystems/ezplatform-kernel
		https://nvd.nist.gov/vuln/detail/CVE-2022-48366
GHSA-342c-vcff-2ff2		https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
GHSA-66m4-gc8h-hpjx		https://github.com/advisories/GHSA-66m4-gc8h-hpjx
GHSA-xfqg-p48g-hh94		https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce		https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:53:33Z/ Found at https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/ezsystems/ezplatform-kernel

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:53:33Z/ Found at https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:53:33Z/ Found at https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-48366

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.45977
EPSS Score	0.0023
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:40:32.016158+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2022/48xxx/CVE-2022-48366.json	38.6.0