Lucene search

[email protected]CVE-2020-25247

HistorySep 11, 2020 - 3:15 a.m.

CVE-2020-25247

2020-09-1103:15:12

CWE-22

[email protected]

web.nvd.nist.gov

hyland onbase

cve-2020-25247

directory traversal

security

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter.

Affected configurations

NVD

Node

hylandonbaseRange≤18.0.0.32

hylandonbaseRange19.0.0.0–19.8.9.1000

CPENameOperatorVersion
hyland:onbasehyland onbasele18.0.0.32
hyland:onbasehyland onbasele19.8.9.1000

CPE	Name	Operator	Version
hyland:onbase	hyland onbase	le	18.0.0.32
hyland:onbase	hyland onbase	le	19.8.9.1000

References

seclists.org/fulldisclosure/2020/Oct/9

seclists.org/fulldisclosure/2020/Sep/21

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

Related for CVE-2020-25247

cvelist1 prion1 nvd1