Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-15T12:35:09

Updated: 2024-08-03T22:24:59.579Z

Reserved: 2021-04-05T00:00:00

Link: CVE-2021-30137

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-15T13:15:07.903

Modified: 2024-11-21T06:03:22.627

Link: CVE-2021-30137

cve-icon Redhat

No data.