RSS   Vulnerabilities for 'Smart asset'   RSS

2020-10-02
 
CVE-2020-26526

NVD-CWE-noinfo
 

 
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password").

 
 
CVE-2020-26525

CWE-89
 

 
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.

 


Copyright 2024, cxsecurity.com

 

Back to Top