Home / exploitsPDF  

OpenAsset Digital Asset Management IP Access Control Bypass

Posted on 12 December 2020

The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

 

TOP