OpenAsset Digital Asset Management (DAM) up to and including 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing malicious users to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openasset digital asset management |