Cross-site request forgery (CSRF) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure

December 11, 2020

Posted by Jack Misiura via Fulldisclosure on Dec 11

Title: Cross-site request forgery (CSRF)

Product: OpenAsset Digital Asset Management by OpenAsset

Vendor Homepage: https://www.openasset.com/

Vulnerable Version: 12.0.19 (Cloud) 11.2.1 (On-premise)

Fixed Version: 12.0.26 (Cloud) 11.4.10 (On-premise)

CVE Number: CVE-2020-28858

Author: Jack Misiura from The Missing Link

Website: https://www.themissinglink.com.au

Timeline:

2020-11-14 Disclosed to Vendor

2020-12-04 Vendor releases final…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Tags: , , , , , , , , ,

You may have missed

image

[NOVA] – Ransomware Victim: Portel Logistic Technologies

July 1, 2025
image

[QILIN] – Ransomware Victim: www[.]nuphoton[.]com

July 1, 2025
image

[QILIN] – Ransomware Victim: semco-tech[.]com

July 1, 2025
image

[KAWA4096] – Ransomware Victim: **********-*******[.]co[.]jp

July 1, 2025
image

[QILIN] – Ransomware Victim: simmons-Boardman Publishing, Inc

July 1, 2025