Lucene search
K

140 matches found

Cvelist
Cvelist
added 2020/09/11 2:20 a.m.17 views

CVE-2020-25248

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter...

7.6AI score0.02099EPSS
Exploits0References3
CVE
CVE
added 2020/09/11 2:20 a.m.59 views

CVE-2020-25248

CVE-2020-25248 affects Hyland OnBase prior to certain incremental updates (as listed in the description). The issue is a directory traversal vulnerability that permits reading files via the FileName parameter , implying improper validation of file paths. The vulnerability type is a path traversal...

7.5CVSS7.5AI score0.02099EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/09/11 2:20 a.m.71 views

CVE-2020-25249

CVE-2020-25249 affects Hyland OnBase versions 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The vulnerability arises because the server logs activity only when the client application requests logging, which can undermine server...

5.3CVSS5.3AI score0.00824EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/11 2:20 a.m.23 views

CVE-2020-25249

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in...

5.3AI score0.00824EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/11 2:20 a.m.23 views

CVE-2020-25250

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs...

7.6AI score0.00908EPSS
Exploits0References1
CVE
CVE
added 2020/09/11 2:20 a.m.58 views

CVE-2020-25250

CVE-2020-25250 affects Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue allows client applications to write arbitrary data to the server logs. The connected documents do not provide exploit details, affecte...

7.5CVSS7.5AI score0.00908EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/11 2:20 a.m.17 views

CVE-2020-25251

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...

9.4AI score0.01216EPSS
Exploits0References1
CVE
CVE
added 2020/09/11 2:20 a.m.63 views

CVE-2020-25251

CVE-2020-25251 affects Hyland OnBase prior to specific build revisions (16.0.2.83 and below; 17.0.2.109 and below; 18.0.0.37 and below; 19.8.16.1000 and below; 20.3.10.1000 and below). The issue stems from client-side authentication used for critical functions (e.g., adding users or retrieving se...

9.1CVSS9.3AI score0.01216EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/09/11 2:20 a.m.57 views

CVE-2020-25252

CVE-2020-25252 affects Hyland OnBase (multiple versions up to 20.3.10.1000 and below). The issue is a CSRF-driven login vulnerability that uses default credentials (the wstinol password for the manager or hsi account), allowing an attacker to log in a user and then perform actions. Affected versi...

8.8CVSS8.7AI score0.00509EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/11 2:20 a.m.18 views

CVE-2020-25252

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials the wstinol password for the manag...

8.8AI score0.00509EPSS
Exploits0References1
CVE
CVE
added 2020/09/11 2:20 a.m.57 views

CVE-2020-25253

Hyland OnBase is vulnerable to SQL injection in multiple versions: 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue is triggered via parameters such as TableName, ColumnName, Name, UserId, or Password. The connected docu...

9.8CVSS9.6AI score0.01065EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/11 2:20 a.m.21 views

CVE-2020-25253

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter...

9.7AI score0.01065EPSS
Exploits0References1
CVE
CVE
added 2020/09/11 2:20 a.m.58 views

CVE-2020-25254

Hyland OnBase contains a SQL injection vulnerability (CVE-2020-25254) affecting versions 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue allows arbitrary SQL execution via TestConnection_LocalOrLinkedServer, CreateFilte...

9.8CVSS9.6AI score0.0152EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/09/11 2:20 a.m.15 views

CVE-2020-25254

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnectionLocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer...

9.7AI score0.0152EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/09/11 2:19 a.m.24 views

CVE-2020-25255

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service outage of connection-request processing via a long user ID, which triggers an excepti...

7.4AI score0.0148EPSS
Exploits0References1
CVE
CVE
added 2020/09/11 2:19 a.m.64 views

CVE-2020-25255

The CVE-2020-25255 issue affects Hyland OnBase up to the listed versions (16.0.2.83 and below; 17.0.2.109 and below; 18.0.0.37 and below; 19.8.16.1000 and below; 20.3.10.1000 and below). It enables remote attackers to cause a denial of service by sending a long user ID, triggering an exception an...

7.5CVSS7.3AI score0.0148EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/11 2:19 a.m.18 views

CVE-2020-25256

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations...

9.2AI score0.00633EPSS
Exploits0References1
CVE
CVE
added 2020/09/11 2:19 a.m.56 views

CVE-2020-25256

CVE-2020-25256 affects Hyland OnBase versions listed in the description (16.0.2.83 and below; 17.0.2.109 and below; 18.0.0.37 and below; 19.8.16.1000 and below; 20.3.10.1000 and below). Root cause: PKI certificates share a private key across different customers’ installations. Impact, as stated, ...

9.1CVSS9.1AI score0.00633EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/11 2:19 a.m.20 views

CVE-2020-25257

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files...

9.4AI score0.01212EPSS
Exploits0References1
CVE
CVE
added 2020/09/11 2:19 a.m.62 views

CVE-2020-25257

Hyland OnBase is affected by CVE-2020-25257, with XXE vulnerabilities that allow read/write access to arbitrary files. Affected versions include OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The connected documents confi...

9.8CVSS9.3AI score0.01212EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder