Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
DamstratechnologySmart Asset

3 matches found

CVE
CVEadded 2020/10/02 7:55 p.m.54 views

CVE-2020-26526

Technical details about CVE-2020-26526 are not publicly provided in the supplied documents. What is disclosed is the login-page username enumeration issue for Damstra Smart Asset 2020.7. Monitor for updates from vendors/security advisories.

5.3CVSS5.2AI score0.01449EPSS
CVE
CVEadded 2020/10/02 7:47 p.m.52 views

CVE-2020-26525

Damstra Smart Asset 2020.7 is affected by a SQL injection in the API endpoint API/Asset originator parameter. The root cause is an SQL injection vulnerability that can cause the database and server to initiate remote connections to third‑party DNS servers. This CVE (CVE-2020-26525) is documented ...

9.1CVSS9.5AI score0.25499EPSS
CVE
CVEadded 2020/10/02 8:5 p.m.49 views

CVE-2020-26527

The CVE-2020-26527 entry concerns Damstra Smart Asset 2020.7, specifically the API/api/Version endpoint. The underlying issue is a Cross-Origin Resource Sharing (CORS) misconfiguration where arbitrary origins are trusted by accepting any Origin header and replying with 200 OK and Access-Control-A...

9.8CVSS9.4AI score0.00901EPSS