CVE-2020-25251

Published: Sep 11, 2020Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.

Affected (5)

Products: Hyland: Onbase

Hyland

1 product

Onbase

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hyland Onbase	Up to 16.0.2.83
Hyland Onbase	From 17.0.0.0 to 17.0.2.109
Hyland Onbase	From 18.0.0.0 to 18.0.0.37
Hyland Onbase	From 19.0.0.0 to 19.8.16.1000
Hyland Onbase	From 20.0.0.0 to 20.3.10.1000

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://seclists.org/fulldisclosure/2020/Sep/16

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/fulldisclosure/2020/Sep/16

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.