CVE-2021-30137 HIGH

Vendor N/A
Product n/a
Published September 15, 2021
Last update August 3, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

01 Description

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points.

Key dates

02 Disclosure timeline

September 15, 2021 CVE published
August 3, 2024 Record updated