CVE-2020-28858

Cross-site request forgery in OpenAsset Digital Asset Management by OpenAsset | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

The OpenAsset Digital Asset Management application was vulnerable to cross-site request forgery because it did not verify whether a request made to itself was intentionally made by the user. All actions performed by the user's navigating the site, including all administrative user actions were found to be vulnerable.

Successful exploitation would allow attackers to perform any actions on behalf of the current user's security context.

Affected Versions

Discovered in: 12.0.19 (Cloud) 11.2.1 (On-Premise)

Fixed Versions

Fixed in: 12.0.26 (Cloud) 11.4.10 (On-Premise)

Latest News