CVE-2021-30137

Published September 15th, 2021

View on NVD ↗

CVSS v3

7.7

HIGH

CVSS v2

6.4

MEDIUM

Affected

PROJECT

Description

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points.

post-cyberlabs/CVE-Advisory

Publishing advisories for CVEs found by POST Cyberforce

GitHub