PT-2020-16045 · Hyland · Hyland Onbase

Published

2020-09-11

Updated

2022-06-30

CVE-2020-25259

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Hyland OnBase versions 16.0.2.83 and below Hyland OnBase versions 17.0.2.109 and below Hyland OnBase versions 18.0.0.37 and below Hyland OnBase versions 19.8.16.1000 and below Hyland OnBase versions 20.3.10.1000 and below

Description The issue is related to the use of XML deserialization libraries in an unsafe manner.

Recommendations For Hyland OnBase versions 16.0.2.83 and below, update to a version above 16.0.2.83. For Hyland OnBase versions 17.0.2.109 and below, update to a version above 17.0.2.109. For Hyland OnBase versions 18.0.0.37 and below, update to a version above 18.0.0.37. For Hyland OnBase versions 19.8.16.1000 and below, update to a version above 19.8.16.1000. For Hyland OnBase versions 20.3.10.1000 and below, update to a version above 20.3.10.1000.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2020-25259

Affected Products

Hyland Onbase

PT-2020-16045 · Hyland · Hyland Onbase

CVE-2020-25259

Weakness Enumeration

Related Identifiers

Affected Products

References · 4