PatchSiren

CVE-2022-45085 Gruparge CVE debrief

CVE-2022-45085 is a server-side request forgery (SSRF) vulnerability affecting Smartpower Web versions before 23.01.01. NVD maps the issue to CWE-918 and rates it CVSS 3.1 6.5/Medium. Because the attack vector is network-based and requires only low privileges with no user interaction, affected deployments should be prioritized for update and access review.

Vendor: Gruparge
Product: Smartpower Web
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-02-12
Original CVE updated: 2026-05-18
Advisory published: 2023-02-12
Advisory updated: 2026-05-18

Who should care

Organizations running Smartpower Web before 23.01.01, especially administrators who expose the application to less-trusted users, networks, or integrations that could be abused to trigger server-side requests.

Technical summary

The NVD record describes an SSRF condition in Smartpower Web, with affected versions ending before 23.01.01. The CVSS vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating remote reachability, low attack complexity, low required privileges, no user interaction, and primary confidentiality impact. The listed weakness is CWE-918. Public references include NVD and USOM advisories.

Defensive priority

High for any environment still running Smartpower Web before 23.01.01. The combination of remote reachability, low privileges, and confidentiality impact makes this a meaningful exposure even though the overall CVSS score is Medium.

Recommended defensive actions

  • Upgrade Smartpower Web to version 23.01.01 or later.
  • Review any externally reachable or user-influenced features that can trigger outbound requests from the application.
  • Restrict network egress from the Smartpower Web host to only necessary destinations.
  • Monitor logs for unusual outbound request patterns or unexpected internal address access attempts.
  • If immediate upgrading is not possible, place compensating controls around the application and its outbound network access.
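
The log-monitoring and egress-restriction actions above can be combined into one check, shown here as an added example that is not vendor or NVD code. The log line format, the allowlisted hostnames and the sample entries are assumptions constructed for illustration; Smartpower Web's real log format is not described in the record.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist of destinations the application legitimately calls.
ALLOWED_HOSTS = {"updates.example.com", "api.example.com"}

# Constructed sample lines; assumed format: time, method, URL, status.
SAMPLE_LOG = """\
2023-02-13T09:00:01Z GET https://api.example.com/v1/meters 200
2023-02-13T09:00:07Z GET http://169.254.169.254/latest/meta-data/ 200
2023-02-13T09:00:09Z GET http://10.0.4.17:8080/admin 403
2023-02-13T09:00:12Z GET http://2130706433/status 200
2023-02-13T09:00:15Z GET http://[::1]:9200/_cat/indices 200
2023-02-13T09:00:20Z GET https://files.example.net/report.pdf 200
"""

def as_ip(host):
    """Parse dotted, IPv6 or integer-encoded (decimal/hex) hosts; None for names."""
    for parse in (ipaddress.ip_address, lambda h: ipaddress.ip_address(int(h, 0))):
        try:
            return parse(host)
        except ValueError:
            continue
    return None

def classify(url):
    """Return a reason string if the destination is suspicious, else None."""
    host = urlsplit(url).hostname or ""
    ip = as_ip(host)
    if ip is not None:
        if ip.is_loopback or ip.is_link_local or ip.is_private:
            return "internal-address"
        return "raw-ip"  # public IP literal instead of an allowlisted name
    if host == "localhost" or host.endswith(".localhost"):
        return "internal-address"
    return None if host in ALLOWED_HOSTS else "not-allowlisted"

def flag_outbound(log_text):
    """Return (timestamp, url, reason) for every outbound request worth review."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        reason = classify(parts[2]) if len(parts) >= 4 else None
        if reason:
            findings.append((parts[0], parts[2], reason))
    return findings
```

Hostnames are not resolved here, so a name that resolves to an internal address is only caught by the allowlist; enforcing the same allowlist at the network egress layer covers that case.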

Evidence notes

The vulnerability description, affected version boundary, and severity come from the supplied CVE/NVD corpus: Smartpower Web before 23.01.01, CVSS 6.5/Medium, and CVSS vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Weakness mapping is CWE-918 from NVD and the USOM-linked advisory. Publication timing is based on the supplied CVE publishedAt value of 2023-02-12T04:15:16.397Z; modifiedAt is 2026-05-18T16:16:28.010Z.

Official resources

Publicly disclosed in the supplied CVE record on 2023-02-12; the record was later modified on 2026-05-18. References point to NVD and USOM advisory pages.