CVE-2020-28860

HIGH

OpenAsset Digital Asset Management <= 12.0.19 - Authenticated Blind SQL Injection

Title source: llm
STIX 2.1

Description

OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_misc
http://openasset.com
Exploit, Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2020/Dec/21

Scores

CVSS v3 8.8
EPSS 0.0211
EPSS Percentile 79.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
openasset/digital_asset_management < 12.0.19
Published Dec 14, 2020
Tracked Since Feb 18, 2026