CVE-2020-28860
📋 TL;DR
CVE-2020-28860 is an authenticated blind SQL injection vulnerability in OpenAsset Digital Asset Management (DAM) software. Attackers with valid credentials can inject malicious SQL queries to extract, modify, or delete database content. Organizations using OpenAsset DAM through version 12.0.19 are affected.
💻 Affected Systems
- OpenAsset Digital Asset Management
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, or full system takeover via SQL injection to RCE chaining.
Likely Case
Unauthorized data access, extraction of sensitive information, and potential privilege escalation within the application.
If Mitigated
Limited impact with proper input validation, parameterized queries, and network segmentation preventing database access.
🎯 Exploit Status
Exploit details and proof-of-concept code are publicly available; exploitation requires valid user credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 12.0.20 or later
Vendor Advisory: http://openasset.com
Restart Required: Yes
Instructions:
1. Back up the database and application.
2. Download and install OpenAsset DAM version 12.0.20 or later from the vendor.
3. Restart application services.
4. Verify that the patch was applied.
🔧 Temporary Workarounds
Input Validation Filter
Implement a web application firewall or input validation to block SQL injection patterns.
Database Permission Reduction
Restrict database user permissions to the minimum required for application functionality.
🧯 If You Can't Patch
- Implement network segmentation to isolate OpenAsset DAM from critical databases
- Enable detailed SQL query logging and monitoring for injection attempts
🔍 How to Verify
Check if Vulnerable:
Check OpenAsset DAM version in admin interface; versions 12.0.19 and earlier are vulnerable.
Check Version:
Check admin dashboard or application configuration files for version information
Verify Fix Applied:
Verify that the version is 12.0.20 or later and confirm that SQL injection attempts are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL query patterns
- Multiple failed login attempts followed by complex queries
- Database error messages containing SQL syntax
Network Indicators:
- Unusual database connection patterns from application server
- SQL injection payloads in HTTP requests
SIEM Query:
source="openasset.logs" AND ("sql" OR "injection" OR "union select" OR "sleep(")
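The SIEM query above matches the raw log text, so percent-encoded or plus-encoded payloads slip past it. The following added example (not code from the page or from OpenAsset) applies the same indicator strings to the URL-decoded request path of constructed Common Log Format lines; the log format, paths and user names are assumptions for illustration.

```python
import re
from urllib.parse import unquote_plus

# Indicator substrings taken from the page's SIEM query. The bare word "sql"
# is omitted because it matches nearly every line and is pure noise.
INDICATORS = ("union select", "sleep(", "injection")

# Constructed sample access-log lines (not from a real OpenAsset deployment).
SAMPLE_LOG = """\
10.0.0.5 - alice [15/Dec/2020:10:01:02 +0000] "GET /search?q=brochure HTTP/1.1" 200 512
10.0.0.7 - bob [15/Dec/2020:10:01:09 +0000] "GET /search?q=1%27%20UNION%20SELECT%20null-- HTTP/1.1" 200 12
10.0.0.7 - bob [15/Dec/2020:10:01:15 +0000] "GET /search?q=1'+AND+SLEEP(5)-- HTTP/1.1" 200 12
10.0.0.9 - carol [15/Dec/2020:10:02:00 +0000] "GET /login HTTP/1.1" 401 0
"""

# Common Log Format with an authenticated user field (assumed layout).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+) \d+$'
)


def find_indicators(line):
    """Return a finding dict if the decoded request path contains an indicator."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Decode %XX escapes and '+' so encoded payloads are compared in clear text.
    decoded = unquote_plus(m.group("path")).lower()
    hits = [p for p in INDICATORS if p in decoded]
    if not hits:
        return None
    return {
        "ip": m.group("ip"),
        "user": m.group("user"),
        "timestamp": m.group("ts"),
        "status": int(m.group("status")),
        "indicators": hits,
    }


def scan_log(text):
    """Scan every line of a log and return the list of findings in order."""
    return [f for f in (find_indicators(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Because the vulnerability is authenticated, the `user` field of each finding is the pivot for triage: a single account producing several hits in quick succession is the pattern worth alerting on.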
🔗 References
- http://openasset.com
- http://packetstormsecurity.com/files/160459/OpenAsset-Digital-Asset-Management-SQL-Injection.html
- http://seclists.org/fulldisclosure/2020/Dec/21
- https://www.themissinglink.com.au/security-advisories-cve-2020-28860