CVE-2020-25257

Published: Sep 11, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.

Affected (5)

Products: Hyland: Onbase

Hyland

1 product

Onbase

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hyland Onbase	Up to 16.0.2.83
Hyland Onbase	From 17.0.0.0 to 17.0.2.109
Hyland Onbase	From 18.0.0.0 to 18.0.0.37
Hyland Onbase	From 19.0.0.0 to 19.8.16.1000
Hyland Onbase	From 20.0.0.0 to 20.3.10.1000

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://seclists.org/fulldisclosure/2020/Sep/23

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/fulldisclosure/2020/Sep/23

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.