Friday, December 11, 2020

OpenAsset Digital Asset Management IP Access Control Bypass

The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
OpenAsset Digital Asset Management IP Access Control Bypass
 

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated