2020-12-14 17:59:04
mitre
PUBLISHED
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP requests originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.