Lucene search
MitreCVELIST:CVE-2020-28856HistoryDec 14, 2020 - 5:59 p.m.
CVE-2020-28856
2020-12-1417:59:04
mitre
www.cve.org
3
openasset digital asset management
version 12.0.19
ip spoofing
EPSS
0.003
Percentile
69.8%
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP requestβs originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.
Related
nvd
nvd
CVE-2020-28856
2020-12-14 18:15:13
prion
prion
Design/Logic Flaw
2020-12-14 18:15:00
packetstorm
packetstorm
OpenAsset Digital Asset Management IP Access Control Bypass
2020-12-11 00:00:00
cve
cve
CVE-2020-28856
2020-12-14 18:15:13