Onbase Security Vulnerabilities and Issues — Onbase CVE List

Lucene search

HylandOnbase

8 matches found

CVE•added 2020/09/11 3:15 a.m.•52 views

CVE-2020-25251

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.

9.1CVSS9.3AI score0.00247EPSS

CVE•added 2020/09/11 3:15 a.m.•52 views

CVE-2020-25260

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.

9.8CVSS9.7AI score0.02118EPSS

CVE•added 2020/09/11 3:15 a.m.•51 views

CVE-2020-25257

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.

9.8CVSS9.3AI score0.00363EPSS

CVE•added 2020/09/11 3:15 a.m.•49 views

CVE-2020-25259

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner.

9.8CVSS9.4AI score0.00329EPSS

CVE•added 2020/09/11 3:15 a.m.•46 views

CVE-2020-25254

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer.

9.8CVSS9.6AI score0.00322EPSS

CVE•added 2020/09/11 3:15 a.m.•45 views

CVE-2020-25253

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.

9.8CVSS9.6AI score0.00264EPSS

CVE•added 2020/09/11 3:15 a.m.•45 views

CVE-2020-25256

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations.

9.1CVSS9.1AI score0.00138EPSS

CVE•added 2020/09/11 3:15 a.m.•43 views

CVE-2020-25258

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages.

9.8CVSS9.3AI score0.0041EPSS