| ID | CVE-2020-28856 | ||||||
| Sažetak | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls. | ||||||
| Reference |
|
||||||
| CVSS |
|
||||||
| Pristup |
|
||||||
| Impact |
|
||||||
| CVSS vektor | AV:N/AC:L/Au:N/C:N/I:P/A:N | ||||||
| Zadnje važnije ažuriranje | 05-07-2026 - 00:16 | ||||||
| Objavljeno | 14-12-2020 - 18:15 |

