Vulnerability Description
OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openasset | Digital Asset Management | <= 12.0.19 |
Related Weaknesses (CWE)
References
- http://openasset.comVendor Advisory
- http://packetstormsecurity.com/files/160459/OpenAsset-Digital-Asset-Management-SExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Dec/21ExploitMailing ListThird Party Advisory
- https://www.themissinglink.com.au/security-advisories-cve-2020-28860Third Party Advisory
- http://openasset.comVendor Advisory
- http://packetstormsecurity.com/files/160459/OpenAsset-Digital-Asset-Management-SExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Dec/21ExploitMailing ListThird Party Advisory
- https://www.themissinglink.com.au/security-advisories-cve-2020-28860Third Party Advisory
FAQ
What is CVE-2020-28860?
CVE-2020-28860 is a vulnerability with a CVSS score of 8.8 (HIGH). OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.
How severe is CVE-2020-28860?
CVE-2020-28860 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-28860?
Check the references section above for vendor advisories and patch information. Affected products include: Openasset Digital Asset Management.