PT-2020-16035 · Hyland · Hyland Onbase

Published: 2020-09-11 · Updated: 2022-06-30 · CVE-2020-25249

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Hyland OnBase versions 16.0.2.83 and below
Hyland OnBase versions 17.0.2.109 and below
Hyland OnBase versions 18.0.0.37 and below
Hyland OnBase versions 19.8.16.1000 and below
Hyland OnBase versions 20.3.10.1000 and below

Description

An issue was discovered where the server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations.

Recommendations

For each of the following, consider configuring the server to log activity by default, regardless of client application specifications:

Hyland OnBase versions 16.0.2.83 and below
Hyland OnBase versions 17.0.2.109 and below
Hyland OnBase versions 18.0.0.37 and below
Hyland OnBase versions 19.8.16.1000 and below
Hyland OnBase versions 20.3.10.1000 and below

Fix


Related Identifiers

CVE-2020-25249

Affected Products

Hyland Onbase