Damstratechnology Smart Asset vulnerabilities
3 known vulnerabilities affecting damstratechnology/smart_asset.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2, MEDIUM: 1
Vulnerabilities
CVE-2020-26525 | P2 | CRITICAL | CVSS 9.1 | CWE-89 | v2020.7 | 2020-10-02
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.
nvd
CVE-2020-26527 | P3 | CRITICAL | CVSS 9.8 | CWE-346 | v2020.7 | 2020-10-02
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header.
nvd
CVE-2020-26526 | P4 | MEDIUM | CVSS 5.3 | v2020.7 | 2020-10-02
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password").
nvd