CVE-2022-23463 Nepxion Discovery is a solution for Spring Cloud that is vulnerable to SpEL Injection.
This issue was publicly disclosed on September 18, 2018 and was rated as high risk. Nepxion Discovery is a framework for distributed data analytics based on the Cloud dataflow architecture. It is vulnerable to Remote Code Execution due to a Criticality Injection Issue in Fuzzy Search. A user-supplied boolean expression can be injected into the fuzzy search algorithm to cause Remote Code Execution. There is no patch available for this issue at the time of publication. There are no known workarounds.
This issue was publicly disclosed on September 20, 2018 and was rated as high risk. Nepxion SignalR is a command line tool for monitoring Nepxion applications. It is vulnerable to Remote Code Execution due to a Criticality Injection Issue in the SignalR Server. User-supplied code can be injected into the SignalR server to cause Remote Code Execution. There is no patch available for this issue at the time of publication. There are no known workarounds.
This issue was publicly disclosed on September 20, 2018 and was rated as high risk. Nepxion Store is a data storage solution based on Apache Cassandra. It is vulnerable to Remote Code Execution due to a Criticality Injection Issue in the Cassandra CQL parser. A user-supplied query can be injected into Cassandra to cause Remote Code Execution. There is no patch available for this issue at the time of publication. There are no known workarounds.
This issue was publicly disclosed on September 20, 2018 and was rated
Summary
Nepxion Discovery and Nepxion SignalR are vulnerable to Remote Code Execution due to Criticality Injection Issues. There is no patch available for this issue at the time of publication.
Timeline
Published on: 09/24/2022 05:15:00 UTC
Last modified on: 09/28/2022 15:36:00 UTC