LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-03T19:38:12
Updated: 2024-08-03T21:33:16.478Z
Reserved: 2021-03-03T00:00:00
Link: CVE-2021-27931
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-03-03T20:15:12.357
Modified: 2021-03-10T14:36:41.550
Link: CVE-2021-27931
Redhat
No data.