Security advisory: IBEXA-SA-2023-004

Unauthenticated deletion in recommendation engine
Publication date:
20/07/2023, 10:10


Affected versions: Ibexa DXP v4.5.*
Resolving versions: Ibexa DXP v4.5.1

This security advisory resolves a vulnerability in the recommendation engine of Ibexa Personalization. Before version 4.5.1 it was vulnerable to unauthenticated deletion requests. Content could be deleted from the recommendation engine, but not from storage in the Ibexa DXP database. The update resolves the issue.

Have you found a security bug in Ibexa DXP? See how to report it responsibly here:

All security advisories