
Ahmet Gurel

#24486 of 53,638
9.8 CVSS total
Vulnerabilities · 1
PT-2018-10685
9.8
2018-06-05
Searchblox · Searchblox · CVE-2018-11586
**Name of the Vulnerable Software and Affected Versions**
SearchBlox version 8.6.7

**Description**
An XML external entity (XXE) issue in the `api/rest/status` endpoint allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks by sending a crafted DTD in an XML request.

**Recommendations**
For SearchBlox version 8.6.7, as a temporary workaround, consider disabling the `api/rest/status` endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using crafted DTDs in XML requests to the affected endpoint until the issue is resolved.