Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hyland vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-25248
An issue exists in Hyland OnBase up to and including 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter.
Hyland Onbase
7.5
CVSSv3
CVE-2020-25250
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs.
Hyland Onbase
9.1
CVSSv3
CVE-2020-25251
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.
Hyland Onbase
9.8
CVSSv3
CVE-2020-25253
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.
Hyland Onbase
9.1
CVSSv3
CVE-2020-25256
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations.
Hyland Onbase
9.8
CVSSv3
CVE-2020-25259
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner.
Hyland Onbase
9.8
CVSSv3
CVE-2020-25258
An issue exists in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows malicious users to transmit and execute bytecode in SOAP message...
Hyland Onbase
8.8
CVSSv3
CVE-2023-49964
An issue exists in Hyland Alfresco Community Edition up to and including 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restricti...
Hyland Alfresco Content Services
1 Github repository
7.5
CVSSv3
CVE-2018-19629
A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server prior to 7.1.5 allows an malicious user to crash the service via a TCP connection.
Hyland Perceptive Content Server
8.8
CVSSv3
CVE-2018-3844
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.
Hyland Perceptive Document Filters 11.4.0.2647
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »