Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hyland onbase vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-23342
The Hyland Onbase Application Server releases before 20.3.58.1000 and OnBase releases 21.1.1.1000 up to and including 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users...
Hyland Onbase
1 Github repository
570
VMScore
CVE-2020-25251
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.
Hyland Onbase
445
VMScore
CVE-2020-25247
An issue exists in Hyland OnBase up to and including 18.0.0.32 and 19.x up to and including 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter.
Hyland Onbase
445
VMScore
CVE-2020-25248
An issue exists in Hyland OnBase up to and including 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter.
Hyland Onbase
445
VMScore
CVE-2020-25250
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs.
Hyland Onbase
668
VMScore
CVE-2020-25253
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.
Hyland Onbase
668
VMScore
CVE-2020-25257
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.
Hyland Onbase
668
VMScore
CVE-2020-25259
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner.
Hyland Onbase
445
VMScore
CVE-2020-25249
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use...
Hyland Onbase
605
VMScore
CVE-2020-25252
An issue exists in Hyland OnBase up to and including 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol ...
Hyland Onbase
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »