Deserialization of untrusted data

2020-09-1103:15:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.

CPENameOperatorVersion
onbasege17.0.0.0
onbasele17.0.2.109
onbasege20.0.0.0
onbasele20.3.10.1000
onbasege19.0.0.0
onbasele19.8.16.1000
onbasege18.0.0.0
onbasele18.0.0.37
onbasele16.0.2.83

Name	Operator	Version
onbase	ge	17.0.0.0
onbase	le	17.0.2.109
onbase	ge	20.0.0.0
onbase	le	20.3.10.1000
onbase	ge	19.0.0.0
onbase	le	19.8.16.1000
onbase	ge	18.0.0.0
onbase	le	18.0.0.37
onbase	le	16.0.2.83

References

seclists.org/fulldisclosure/2020/Sep/22