PT-2020-16046 · Hyland · Hyland Onbase
Published
2020-09-11
·
Updated
2022-06-30
·
CVE-2020-25260
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hyland OnBase versions 16.0.2.83 and below
Hyland OnBase versions 17.0.2.109 and below
Hyland OnBase versions 18.0.0.37 and below
Hyland OnBase versions 19.8.16.1000 and below
Hyland OnBase versions 20.3.10.1000 and below
Description
The issue allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.
Recommendations
For Hyland OnBase versions 16.0.2.83 and below, update to a version above 16.0.2.83 to resolve the issue.
For Hyland OnBase versions 17.0.2.109 and below, update to a version above 17.0.2.109 to resolve the issue.
For Hyland OnBase versions 18.0.0.37 and below, update to a version above 18.0.0.37 to resolve the issue.
For Hyland OnBase versions 19.8.16.1000 and below, update to a version above 19.8.16.1000 to resolve the issue.
For Hyland OnBase versions 20.3.10.1000 and below, update to a version above 20.3.10.1000 to resolve the issue.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hyland Onbase