CRITICAL🇵🇱 Wersja polska

CVE-2022-23851

CVSS 9.8v3.1pub. 2025-12-17upd. 2026-01-05

Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI).

🤖 AI Analysis
How it works

SSTI (Server-Side Template Injection) involves injecting malicious code into a template processed on the server side. An attacker provides specially crafted input data that the template engine interprets and executes as code instead of treating it as plain text. In the case of the vulnerability classified as CWE-1336, this means improper neutralization of input data in templates, which enables the execution of arbitrary instructions in the context of the application or operating system.

Impact

An attacker can gain full control over the server, including reading and modifying sensitive data, executing arbitrary system commands (RCE), and potentially conducting lateral movement within the victim's infrastructure.

Mitigation & patch

Netaxis API Orchestrator should be updated to version 0.19.3 or later. It is also recommended to restrict network access to the API interface only to trusted sources as a complementary security measure.

Who is affected

Netaxis API Orchestrator (APIO) in versions prior to 0.19.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netaxis Api Orchestrator

    APP
    Netaxis
    < 0.19.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References