140 matches found
CVE-2020-25248
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter...
CVE-2020-25248
CVE-2020-25248 affects Hyland OnBase prior to certain incremental updates (as listed in the description). The issue is a directory traversal vulnerability that permits reading files via the FileName parameter , implying improper validation of file paths. The vulnerability type is a path traversal...
CVE-2020-25249
CVE-2020-25249 affects Hyland OnBase versions 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The vulnerability arises because the server logs activity only when the client application requests logging, which can undermine server...
CVE-2020-25249
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in...
CVE-2020-25250
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs...
CVE-2020-25250
CVE-2020-25250 affects Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue allows client applications to write arbitrary data to the server logs. The connected documents do not provide exploit details, affecte...
CVE-2020-25251
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information...
CVE-2020-25251
CVE-2020-25251 affects Hyland OnBase prior to specific build revisions (16.0.2.83 and below; 17.0.2.109 and below; 18.0.0.37 and below; 19.8.16.1000 and below; 20.3.10.1000 and below). The issue stems from client-side authentication used for critical functions (e.g., adding users or retrieving se...
CVE-2020-25252
CVE-2020-25252 affects Hyland OnBase (multiple versions up to 20.3.10.1000 and below). The issue is a CSRF-driven login vulnerability that uses default credentials (the wstinol password for the manager or hsi account), allowing an attacker to log in a user and then perform actions. Affected versi...
CVE-2020-25252
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials the wstinol password for the manag...
CVE-2020-25253
Hyland OnBase is vulnerable to SQL injection in multiple versions: 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue is triggered via parameters such as TableName, ColumnName, Name, UserId, or Password. The connected docu...
CVE-2020-25253
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter...
CVE-2020-25254
Hyland OnBase contains a SQL injection vulnerability (CVE-2020-25254) affecting versions 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue allows arbitrary SQL execution via TestConnection_LocalOrLinkedServer, CreateFilte...
CVE-2020-25254
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnectionLocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer...
CVE-2020-25255
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service outage of connection-request processing via a long user ID, which triggers an excepti...
CVE-2020-25255
The CVE-2020-25255 issue affects Hyland OnBase up to the listed versions (16.0.2.83 and below; 17.0.2.109 and below; 18.0.0.37 and below; 19.8.16.1000 and below; 20.3.10.1000 and below). It enables remote attackers to cause a denial of service by sending a long user ID, triggering an exception an...
CVE-2020-25256
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations...
CVE-2020-25256
CVE-2020-25256 affects Hyland OnBase versions listed in the description (16.0.2.83 and below; 17.0.2.109 and below; 18.0.0.37 and below; 19.8.16.1000 and below; 20.3.10.1000 and below). Root cause: PKI certificates share a private key across different customers’ installations. Impact, as stated, ...
CVE-2020-25257
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files...
CVE-2020-25257
Hyland OnBase is affected by CVE-2020-25257, with XXE vulnerabilities that allow read/write access to arbitrary files. Affected versions include OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The connected documents confi...