CVE-2020-25252
11.09.2020, 03:15
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account).
| Vendor | Product | Version |
|---|---|---|
| hyland | onbase | 𝑥 ≤ 16.0.2.83 |
| hyland | onbase | 17.0.0.0 ≤ 𝑥 ≤ 17.0.2.109 |
| hyland | onbase | 18.0.0.0 ≤ 𝑥 ≤ 18.0.0.37 |
| hyland | onbase | 19.0.0.0 ≤ 𝑥 ≤ 19.8.16.1000 |
| hyland | onbase | 20.0.0.0 ≤ 𝑥 ≤ 20.3.10.1000 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration