PT-2020-16038 · Hyland · Hyland Onbase
Published
2020-09-11
·
Updated
2022-06-30
·
CVE-2020-25252
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hyland OnBase versions prior to 16.0.2.84
Hyland OnBase versions prior to 17.0.2.110
Hyland OnBase versions prior to 18.0.0.38
Hyland OnBase versions prior to 19.8.16.1001
Hyland OnBase versions prior to 20.3.10.1001
Description
An issue was discovered in Hyland OnBase where CSRF can be used to log in a user and then perform actions because there are default credentials, specifically the wstinol password for the manager or hsi account.
Recommendations
For versions prior to 16.0.2.84, update to a version above 16.0.2.83.
For versions prior to 17.0.2.110, update to a version above 17.0.2.109.
For versions prior to 18.0.0.38, update to a version above 18.0.0.37.
For versions prior to 19.8.16.1001, update to a version above 19.8.16.1000.
For versions prior to 20.3.10.1001, update to a version above 20.3.10.1000.
As a temporary workaround, consider changing the default credentials, specifically the wstinol password for the manager or hsi account, to prevent unauthorized access.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hyland Onbase