CVE-2020-25253

Name of the Vulnerable Software and Affected Versions Hyland OnBase versions 16.0.2.83 and below Hyland OnBase versions 17.0.2.109 and below Hyland OnBase versions 18.0.0.37 and below Hyland OnBase versions 19.8.16.1000 and below Hyland OnBase versions 20.3.10.1000 and below

Description The issue allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter. This can be exploited to inject malicious SQL code.

Recommendations For Hyland OnBase versions 16.0.2.83 and below, update to a version above 16.0.2.83 to resolve the issue. For Hyland OnBase versions 17.0.2.109 and below, update to a version above 17.0.2.109 to resolve the issue. For Hyland OnBase versions 18.0.0.37 and below, update to a version above 18.0.0.37 to resolve the issue. For Hyland OnBase versions 19.8.16.1000 and below, update to a version above 19.8.16.1000 to resolve the issue. For Hyland OnBase versions 20.3.10.1000 and below, update to a version above 20.3.10.1000 to resolve the issue. As a temporary workaround, consider restricting access to the parameters TableName, ColumnName, Name, UserId, and Password to minimize the risk of exploitation.