Description
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2020-21248 | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls. |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-04T23:41:29.558Z
Reserved: 2020-11-16T00:00:00.000Z
Link: CVE-2020-28856
No data.
Status : Modified
Published: 2020-12-14T18:15:13.240
Modified: 2026-06-17T03:10:45.270
Link: CVE-2020-28856
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-290
Authentication Bypass by Spoofing
EUVD