6 matches found
CVE-2020-28860
OpenAsset Digital Asset Management (DAM) up to 12.0.19 is affected by an authenticated blind SQL injection caused by improper sanitization of user input in SQL queries. The vulnerability is triggered via the /AJAXPage/SearchResults endpoint, using the currentSearchItems parameter, allowing an att...
CVE-2020-28857
OpenAsset Digital Asset Management (DAM) prior to patches 12.0.23 (Cloud) / 11.4.10 (On‑prem) is vulnerable to stored cross‑site scripting due to incomplete sanitization of user input across multiple parameters and endpoints (e.g., system preferences, project code, user/password regex fields, and...
CVE-2020-28856
Summary (CVE-2020-28856) OpenAsset Digital Asset Management (DAM) prior to 12.0.20 (Cloud) / 11.4.10 (On‑premise) improperly determines the originating IP from HTTP requests, enabling spoofing via the X-Forwarded-For header (e.g., 127.0.0.1) and bypassing IP‑based access controls. Affected versio...
CVE-2020-28858
OpenAsset Digital Asset Management (DAM) is affected by CSRF (CVE-2020-28858). vulnerable: Cloud 12.0.19 and On‑premise 11.2.1; fixed: Cloud 12.0.26 and On‑premise 11.4.10. Root cause: the app did not verify that user actions were intentionally initiated by the user, enabling CSRF across user fun...
CVE-2020-28859
CVE-2020-28859 affects OpenAsset Digital Asset Management (DAM) up to version 12.0.19. The vulnerability stems from improper input sanitization in multiple parameters/endpoints, enabling cross-site scripting (XSS). NVD describes reflected XSS; PacketStorm notes stored XSS in various fields. Fixed...
CVE-2020-28861
CVE-2020-28861 affects OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier. The vulnerability is an access control flaw on the /Stream/ProjectsCSV endpoint that allows unauthenticated attackers to retrieve potentially sensitive project data. Connected sources indicate vulnerable versions...