CVE-2020-28861

MEDIUM

OpenAsset DAM <12.0.19 - Info Disclosure

Title source: llm

Description

OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application.

References (4)

[Vendor Advisory] http://openasset.com

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Dec/22

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/160457/OpenAsset-Digital-Asset-Management-Insecure-Direct-Object-Reference.html

[Third Party Advisory] https://www.themissinglink.com.au/security-advisories-cve-2020-28861

Scores

CVSS v3 5.3

EPSS 0.0095

EPSS Percentile 76.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-1236

Status published

Products (1)

openasset/digital_asset_management < 12.0.19

Published Dec 14, 2020

Tracked Since Feb 18, 2026