CVE-2021-30137 - XXE vulnerability in Axiossystems Assyst 10

047910
CVSS 6.4 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: PARTIAL
CWE-611

Summary

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points.

Vulnerable Configurations

Part          Description     Count
Application   Axiossystems    1