CVE-2022-23851
Server-Side Template Injection in Netaxis APIO Before
Publication date: 2025-12-17
Last updated on: 2025-12-17
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netaxis | apio | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-23851 is a server side template injection (SSTI) vulnerability in Netaxis API Orchestrator (APIO) versions before 0.19.3. This means that an attacker could inject malicious template code into the server-side templates used by the application, potentially leading to unauthorized code execution or other malicious actions on the server.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code on the server hosting the Netaxis APIO platform. This could lead to unauthorized access, data leakage, service disruption, or further compromise of the system and connected infrastructure.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the server side template injection (SSTI) vulnerability in Netaxis API Orchestrator (APIO), you should upgrade the APIO software to version 0.19.3 or later, as versions before 0.19.3 are vulnerable.