Vulnerabilities > CVE-2020-28861 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Openasset Digital Asset Management

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
openasset
CWE-1236

Summary

OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application.

Vulnerable Configurations

Part Description Count
Application
Openasset
1