Cross-site request forgery (CSRF) in OpenAsset Digital Asset Management 11.2.1/12.0.19 disclosure
Posted by Jack Misiura via Fulldisclosure on Dec 11
Title: Cross-site request forgery (CSRF)
Product: OpenAsset Digital Asset Management by OpenAsset
Vendor Homepage: https://www.openasset.com/
Vulnerable Version: 12.0.19 (Cloud) 11.2.1 (On-premise)
Fixed Version: 12.0.26 (Cloud) 11.4.10 (On-premise)
CVE Number: CVE-2020-28858
Author: Jack Misiura from The Missing Link
Website: https://www.themissinglink.com.au
Timeline:
2020-11-14 Disclosed to Vendor
2020-12-04 Vendor releases final…