CVE-2020-28858

Cross-site request forgery in OpenAsset Digital Asset Management by OpenAsset | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

The OpenAsset Digital Asset Management application was vulnerable to cross-site request forgery because it did not verify whether a request made to itself was intentionally made by the user. All actions performed by the user's navigating the site, including all administrative user actions were found to be vulnerable.

Successful exploitation would allow attackers to perform any actions on behalf of the current user's security context.

Affected Versions

Discovered in: 12.0.19 (Cloud) 11.2.1 (On-Premise)

Fixed Versions

Fixed in: 12.0.26 (Cloud) 11.4.10 (On-Premise)

Latest News

5 Microsoft Power Platform Benefits That Will Transform Your Business

5 Key Takeaways from Early Adopters of Microsoft 365 Copilot

The Missing Link is recognised as Premier Service Delivery Partner by Netskope

See All News