Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-15T12:35:09
Updated: 2024-08-03T22:24:59.579Z
Reserved: 2021-04-05T00:00:00
Link: CVE-2021-30137
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-09-15T13:15:07.903
Modified: 2024-11-21T06:03:22.627
Link: CVE-2021-30137
Redhat
No data.