PT-2020-16043 · Hyland · Hyland Onbase
Published
2020-09-11
·
Updated
2022-06-30
·
CVE-2020-25257
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hyland OnBase versions 16.0.2.83 and below
Hyland OnBase versions 17.0.2.109 and below
Hyland OnBase versions 18.0.0.37 and below
Hyland OnBase versions 19.8.16.1000 and below
Hyland OnBase versions 20.3.10.1000 and below
Description
The issue allows XXE (XML External Entity) attacks, which can provide read/write access to arbitrary files. This can potentially lead to unauthorized data access or modification.
Recommendations
For versions 16.0.2.83 and below, update to a version above 16.0.2.83 to resolve the issue.
For versions 17.0.2.109 and below, update to a version above 17.0.2.109 to resolve the issue.
For versions 18.0.0.37 and below, update to a version above 18.0.0.37 to resolve the issue.
For versions 19.8.16.1000 and below, update to a version above 19.8.16.1000 to resolve the issue.
For versions 20.3.10.1000 and below, update to a version above 20.3.10.1000 to resolve the issue.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hyland Onbase