PT-2020-17047 · Openasset · Openasset Digital Asset Management

Jack Misiura

Published

2020-12-14

Updated

2020-12-15

CVE-2020-28860

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenAssetDigital Asset Management (DAM) through 12.0.19

Description The issue allows for authenticated blind SQL injection due to the software not correctly sanitizing user-supplied input, which is then incorporated into its SQL queries.

Recommendations For OpenAssetDigital Asset Management (DAM) versions through 12.0.19, consider restricting access to sensitive database queries until a patch is available. As a temporary workaround, limit user input to prevent malicious SQL code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-28860

Affected Products

Openasset Digital Asset Management

PT-2020-17047 · Openasset · Openasset Digital Asset Management

CVE-2020-28860

Weakness Enumeration

Related Identifiers

Affected Products

References · 7