PT-2021-18623 · Assyst 10

Published

2021-09-15

·

Updated

2021-09-28

·

CVE-2021-30137

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Assyst 10 version SP7.5

Description

Assyst 10 SP7.5 is vulnerable to XML External Entity (XXE) injection, leading to Server-Side Request Forgery (SSRF) during XML unmarshalling. The affected endpoints accept request bodies as either JSON or XML; when a body is sent as XML, the server-side unmarshaller processes a DOCTYPE containing an external entity declaration, so an authenticated user can make the application server issue requests to attacker-chosen URLs. Several access points were found through which the malicious XML can be injected. Note that the CVSS vector above records PR:N (no privileges required) while the issue is described as authenticated; verify which applies in your deployment.

Recommendations

For Assyst 10 version SP7.5, until a vendor patch is available: disable XML processing on the affected API endpoints and accept JSON only, since the same requests can be sent as JSON; if XML must be processed, configure the unmarshaller's underlying XML parser to disallow DOCTYPE declarations and external entity resolution, which is the standard XXE fix; restrict which users can reach the unmarshalling endpoints; and apply egress filtering on the application server so that a forged request cannot reach internal services or cloud metadata endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XXE
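As an added illustration of the parser behaviour the description and recommendations refer to (this is not Assyst code, and the page does not say which XML library Assyst uses), the following Python script uses the standard library's xml.sax to show the same body handled three ways: with external entity resolution on (the XXE-to-SSRF path), with it off, and with DOCTYPE rejected outright. A RecordingResolver stands in for the attacker's callback server so the script runs offline; the SSRF_TARGET URL, the element names and the canned response are constructed for the example.

```python
import io
import xml.sax
from xml.sax import handler
from xml.sax.xmlreader import InputSource

# Constructed SSRF destination (a cloud metadata endpoint is the classic one);
# nothing is contacted, RecordingResolver stands in for the network.
SSRF_TARGET = "http://169.254.169.254/latest/meta-data/instance-id"


def xxe_payload(target):
    """Constructed request body: an external general entity that points at
    TARGET, referenced from an element. Element names are hypothetical."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE request [\n'
        f'  <!ENTITY xxe SYSTEM "{target}">\n'
        ']>\n'
        '<request><comment>&xxe;</comment></request>'
    )


class TextCollector(handler.ContentHandler):
    """Collects character data, which is where resolved entity content lands."""
    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


class RecordingResolver(handler.EntityResolver):
    """Stand-in for an attacker's listener: records each URL the parser asks for
    and serves canned (constructed) content, so the example runs offline."""
    def __init__(self, canned):
        self.requested = []
        self.canned = canned

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        source = InputSource(systemId)
        source.setCharacterStream(io.StringIO(self.canned.get(systemId, "")))
        return source


class RejectDTD:
    """Lexical handler that aborts on any DOCTYPE: with no DTD, no entity can be
    declared, so external fetches and entity-expansion DoS are both ruled out."""
    def startDTD(self, name, public_id, system_id):
        raise ValueError(f"DOCTYPE '{name}' rejected: DTDs are not accepted")

    # expatreader also routes comment/CDATA/end-of-DTD events here; no-ops.
    comment = startCDATA = endCDATA = endDTD = lambda self, *args: None


def unmarshal(xml_text, external_entities, resolver=None, reject_dtd=False):
    """Naive unmarshaller. external_entities=True is the vulnerable setting
    (xml.sax's default before Python 3.7.1): the parser fetches whatever URL the
    DOCTYPE names, the XXE -> SSRF path the advisory describes. False stops the
    fetch but still accepts the DOCTYPE; reject_dtd=True refuses it entirely."""
    parser = xml.sax.make_parser()
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.setFeature(handler.feature_external_ges, external_entities)
    if resolver is not None:
        parser.setEntityResolver(resolver)
    if reject_dtd:
        parser.setProperty(handler.property_lexical_handler, RejectDTD())
    parser.parse(io.StringIO(xml_text))
    return "".join(collector.chunks)


def unmarshal_hardened(xml_text):
    """External entities off and any DOCTYPE refused before an entity is seen."""
    return unmarshal(xml_text, external_entities=False, reject_dtd=True)


def run_demo():
    """Feeds the same malicious body to each configuration; reports what each did."""
    payload = xxe_payload(SSRF_TARGET)
    canned = {SSRF_TARGET: "i-0123456789abcdef0"}  # constructed response body
    vulnerable = RecordingResolver(canned)
    leaked = unmarshal(payload, external_entities=True, resolver=vulnerable)
    disabled = RecordingResolver(canned)
    unresolved = unmarshal(payload, external_entities=False, resolver=disabled)
    try:
        unmarshal_hardened(payload)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "vulnerable_requested": vulnerable.requested,  # the forged request
        "vulnerable_leaked": leaked,                   # its response, echoed back
        "disabled_requested": disabled.requested,      # empty: no fetch made
        "disabled_text": unresolved,                   # entity silently dropped
        "hardened_rejected": rejected,
        "hardened_benign_text": unmarshal_hardened("<request><comment>hi</comment></request>"),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

Running the script shows the vulnerable configuration asking for the metadata URL and echoing the response into the unmarshalled text, the "external entities off" configuration making no request, and the DOCTYPE-rejecting configuration refusing the body while still parsing a benign one. Turning off external entity resolution is the minimum fix; refusing DTDs altogether is preferable because it also blocks internal-entity expansion (billion laughs) denial of service, which the external-entity setting does not address. For a Java unmarshaller (JAXB on top of a SAX or StAX parser) the equivalent is the parser factory's disallow-doctype-decl feature.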


Weakness Enumeration

Related Identifiers

CVE-2021-30137

Affected Products

Assyst 10