CVE-2022-23464 | Potential Server Side Request Forgery (SSRF) in Nepxion Discovery
Exp
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There is no patch available for this issue at time of publication. There are no known workarounds.
Conclusion & alert: CVE-2022-23464 is rated Exploit Available (50/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.61%).Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB).Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Public exploit references (Exploit-DB) for CVE-2022-23464
Exploit prediction scoring system (EPSS) score for CVE-2022-23464
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
GHSA-hhxh-qphc-v423 · Severity: medium · Ecosystem: maven — Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
Affected software / configurations for CVE-2022-23464