PT-2020-17043 · Openasset · Openasset Digital Asset Management

Jack Misiura · Published 2020-12-14 · Updated 2020-12-15

CVE-2020-28856

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenAsset Digital Asset Management (DAM) versions 12.0.19 and earlier

Description: The issue allows attackers to spoof the HTTP request's originating IP address by using the X-Forwarded-For header, potentially bypassing IP address-based access controls. This can be achieved by supplying a localhost address, such as 127.0.0.1.

Recommendations: For versions 12.0.19 and earlier, consider implementing additional access controls that are not solely based on IP addresses, such as authentication tokens or other forms of verification, until a patch is available. As a temporary workaround, restrict the use of the X-Forwarded-For header to minimize the risk of IP address spoofing.
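The flaw described above, and the workaround of restricting X-Forwarded-For, as an added example that is not OpenAsset's code: a naive client-IP lookup that trusts the header from any peer sits beside a hardened one that honours it only when the TCP peer is a proxy the operator controls. The trusted proxy range, the localhost allow-list and the sample requests are constructed assumptions.

```python
import ipaddress

# Constructed sample: an internet client at 203.0.113.10 connects directly to the
# application (no reverse proxy in between) and claims to be localhost via XFF.
SPOOFED_REQUEST = {
    "remote_addr": "203.0.113.10",
    "headers": {"X-Forwarded-For": "127.0.0.1"},
}
# Constructed sample: the same client reaching the app through a trusted proxy
# at 10.0.0.5, which appended the real client address to the header.
PROXIED_REQUEST = {
    "remote_addr": "10.0.0.5",
    "headers": {"X-Forwarded-For": "127.0.0.1, 203.0.113.10"},
}

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]   # assumed proxy range
ALLOWED_CLIENTS = [ipaddress.ip_network("127.0.0.1/32")]  # assumed IP allow-list


def client_ip_naive(request):
    """Vulnerable pattern: whatever the sender put in X-Forwarded-For wins."""
    xff = request["headers"].get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return request["remote_addr"]


def client_ip_hardened(request, trusted_proxies=TRUSTED_PROXIES):
    """Honour X-Forwarded-For only when the socket peer is a trusted proxy, and
    then take the rightmost hop, which is the address that proxy appended; any
    earlier entries were written by untrusted parties. With several layers of
    trusted proxies, strip every trusted address from the right first."""
    peer = ipaddress.ip_address(request["remote_addr"])
    if not any(peer in net for net in trusted_proxies):
        return str(peer)  # direct connection: the header is attacker-controlled
    xff = request["headers"].get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    if not hops:
        return str(peer)
    try:
        return str(ipaddress.ip_address(hops[-1]))
    except ValueError:
        return str(peer)  # malformed header: fall back to the socket address


def is_allowed(ip, allowed=ALLOWED_CLIENTS):
    """IP-based access check applied to whichever client address was derived."""
    return any(ipaddress.ip_address(ip) in net for net in allowed)
```

Running both derivations over SPOOFED_REQUEST shows the naive version granting localhost access to the external client while the hardened version keeps the socket address and denies it.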

Fix

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

CVE-2020-28856

Affected Products

Openasset Digital Asset Management