CVE-2020-25254

Name of the Vulnerable Software and Affected Versions Hyland OnBase versions 16.0.2.83 and below Hyland OnBase versions 17.0.2.109 and below Hyland OnBase versions 18.0.0.37 and below Hyland OnBase versions 19.8.16.1000 and below Hyland OnBase versions 20.3.10.1000 and below

Description The issue allows SQL injection, as demonstrated by functions such as TestConnection LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer. This indicates a potential risk where an attacker could inject malicious SQL code to manipulate database queries.

Recommendations For Hyland OnBase versions 16.0.2.83 and below, consider disabling the TestConnection LocalOrLinkedServer, CreateFilterFriendlyView, and AddWorkViewLinkedServer functions until a patch is available. For Hyland OnBase versions 17.0.2.109 and below, consider disabling the TestConnection LocalOrLinkedServer, CreateFilterFriendlyView, and AddWorkViewLinkedServer functions until a patch is available. For Hyland OnBase versions 18.0.0.37 and below, consider disabling the TestConnection LocalOrLinkedServer, CreateFilterFriendlyView, and AddWorkViewLinkedServer functions until a patch is available. For Hyland OnBase versions 19.8.16.1000 and below, consider disabling the TestConnection LocalOrLinkedServer, CreateFilterFriendlyView, and AddWorkViewLinkedServer functions until a patch is available. For Hyland OnBase versions 20.3.10.1000 and below, consider disabling the TestConnection LocalOrLinkedServer, CreateFilterFriendlyView, and AddWorkViewLinkedServer functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.