CVE-2020-25259

Published: Sep 11, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner.

Affected (5)

Products: Hyland: Onbase

Hyland

1 product

Onbase

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hyland Onbase	Up to 16.0.2.83
Hyland Onbase	From 17.0.0.0 to 17.0.2.109
Hyland Onbase	From 18.0.0.0 to 18.0.0.37
Hyland Onbase	From 19.0.0.0 to 19.8.16.1000
Hyland Onbase	From 20.0.0.0 to 20.3.10.1000

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://seclists.org/fulldisclosure/2020/Sep/22

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/fulldisclosure/2020/Sep/22

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.