IP access control bypass in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure

Click the icon to Follow me:- twitterTelegramRedditDiscord

Posted by Jack Misiura via Fulldisclosure on Dec 11

Title: IP access control bypass

Product: OpenAsset Digital Asset Management by OpenAsset

Vendor Homepage: https://www.openasset.com/

Vulnerable Version: 12.0.19 (Cloud) 11.2.1 (On-premise)

Fixed Version: 12.0.20 (Cloud) 11.4.10 (On-premise)

CVE Number: CVE-2020-28856

Author: Jack Misiura from The Missing Link

Website: https://www.themissinglink.com.au

Timeline:

2020-11-14 Disclosed to Vendor

2020-12-04 Vendor releases final patches…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Available for Amazon Prime