Damstratechnology Smart_asset
3 CVEs affecting Damstratechnology Smart_asset. Latest disclosed: 2020-10-02. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-26527 | Critical | 9.8 | 2020-10-02 | An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origi… |
CVE-2020-26525 | Critical | 9.1 | 2020-10-02 | Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connect… |
CVE-2020-26526 | Medium | 5.3 | 2020-10-02 | An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server… |