Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openasset digital asset management vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-28856
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing malicious users to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectivel...
Openasset Digital Asset Management
6.1
CVSSv3
CVE-2020-28857
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.
Openasset Digital Asset Management
8.8
CVSSv3
CVE-2020-28858
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.
Openasset Digital Asset Management
6.1
CVSSv3
CVE-2020-28859
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
Openasset Digital Asset Management
8.8
CVSSv3
CVE-2020-28860
OpenAssetDigital Asset Management (DAM) up to and including 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.
Openasset Digital Asset Management
5.3
CVSSv3
CVE-2020-28861
OpenAsset Digital Asset Management (DAM) 12.0.19 and previous versions failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated malicious users to gain access to potentially sensitive project information stored by the application.
Openasset Digital Asset Management
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started