SCA: security update for akeneo/pim-community-dev (GHSA-w9wc-4xcq-8gr6)

high Tenable Self-Hosted Container Security Plugin ID 419853

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions
before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server
by uploading a crafted image. Akeneo PIM Community Edition after the versions aforementioned provides
patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this
vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to
be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October
2022. Users are advised to upgrade. Users unable to upgrade may Replace any reference to `<FilesMatch
\.php$>` in their apache httpd configurations with: `<Location "/index.php">`. (CVE-2022-46157)

See Also

https://github.com/advisories/GHSA-w9wc-4xcq-8gr6

Plugin Details

Severity: High

ID: 419853

Version: Revision 1.6

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-46157

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/9/2022

Vulnerability Publication Date: 12/9/2022

Reference Information

CVE: CVE-2022-46157