Security Advisory

CVE-2020-28856

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-14 17:59:04

Last updated 2024-08-04 16:40:59

Assigner mitre

State PUBLISHED

Description

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP requests originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.

← Browse all CVEs View on cve.org ↗