PT-2020-16037 · Hyland · Hyland Onbase
Published
2020-09-11
·
Updated
2022-06-30
·
CVE-2020-25251
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Hyland OnBase versions 16.0.2.83 and below
Hyland OnBase versions 17.0.2.109 and below
Hyland OnBase versions 18.0.0.37 and below
Hyland OnBase versions 19.8.16.1000 and below
Hyland OnBase versions 20.3.10.1000 and below
Description
An issue was discovered in Hyland OnBase where client-side authentication is used for critical functions such as adding users or retrieving sensitive information.
Recommendations
For Hyland OnBase versions 16.0.2.83 and below, update to a version above 16.0.2.83 to resolve the issue.
For Hyland OnBase versions 17.0.2.109 and below, update to a version above 17.0.2.109 to resolve the issue.
For Hyland OnBase versions 18.0.0.37 and below, update to a version above 18.0.0.37 to resolve the issue.
For Hyland OnBase versions 19.8.16.1000 and below, update to a version above 19.8.16.1000 to resolve the issue.
For Hyland OnBase versions 20.3.10.1000 and below, update to a version above 20.3.10.1000 to resolve the issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hyland Onbase