Vulnerability Description
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Damstratechnology | Smart Asset | 2020.7 |
Related Weaknesses (CWE)
References
- https://github.com/lukaszstu/SmartAsset-SQLinj-CVE-2020-26525/blob/main/README.mThird Party Advisory
- https://support.damstratechnology.com/hc/en-us/categories/900000115446-SmartAsseVendor Advisory
- https://www.smartasset.com.au/ProductVendor Advisory
- https://github.com/lukaszstu/SmartAsset-SQLinj-CVE-2020-26525/blob/main/README.mThird Party Advisory
- https://support.damstratechnology.com/hc/en-us/categories/900000115446-SmartAsseVendor Advisory
- https://www.smartasset.com.au/ProductVendor Advisory
FAQ
What is CVE-2020-26525?
CVE-2020-26525 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.
How severe is CVE-2020-26525?
CVE-2020-26525 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-26525?
Check the references section above for vendor advisories and patch information. Affected products include: Damstratechnology Smart Asset.