CVE-2020-25252

Published: Sep 11, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account).

Affected (5)

Products: Hyland: Onbase

Hyland

1 product

Onbase

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hyland Onbase	Up to 16.0.2.83
Hyland Onbase	From 17.0.0.0 to 17.0.2.109
Hyland Onbase	From 18.0.0.0 to 18.0.0.37
Hyland Onbase	From 19.0.0.0 to 19.8.16.1000
Hyland Onbase	From 20.0.0.0 to 20.3.10.1000

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://seclists.org/fulldisclosure/2020/Sep/9

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/fulldisclosure/2020/Sep/9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.