CVE-2020-25255

Name of the Vulnerable Software and Affected Versions Hyland OnBase versions 16.0.2.83 and below Hyland OnBase versions 17.0.2.109 and below Hyland OnBase versions 18.0.0.37 and below Hyland OnBase versions 19.8.16.1000 and below Hyland OnBase versions 20.3.10.1000 and below

Description The issue allows remote attackers to cause a denial of service, specifically an outage of connection-request processing, via a long user ID. This long user ID triggers an exception and results in a large log entry.

Recommendations For versions 16.0.2.83 and below, consider restricting the length of the user ID to prevent the denial of service. For versions 17.0.2.109 and below, consider implementing input validation to limit the user ID length. For versions 18.0.0.37 and below, consider disabling the processing of long user ID values until a fix is available. For versions 19.8.16.1000 and below, consider restricting access to the affected module to minimize the risk of exploitation. For versions 20.3.10.1000 and below, consider applying configuration changes to limit the impact of a long user ID on connection-request processing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.