Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openasset digital asset management vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-28857
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.
Openasset Digital Asset Management
383
VMScore
CVE-2020-28859
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
Openasset Digital Asset Management
445
VMScore
CVE-2020-28861
OpenAsset Digital Asset Management (DAM) 12.0.19 and previous versions failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated malicious users to gain access to potentially sensitive project information stored by the application.
Openasset Digital Asset Management
445
VMScore
CVE-2020-28856
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing malicious users to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectivel...
Openasset Digital Asset Management
605
VMScore
CVE-2020-28858
OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.
Openasset Digital Asset Management
578
VMScore
CVE-2020-28860
OpenAssetDigital Asset Management (DAM) up to and including 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.
Openasset Digital Asset Management
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started