Client-Side Authentication Vulnerability in Hyland OnBase Software
CVE-2020-25251

9.1CRITICAL

Key Information:

Vendor: Hyland
Status: Onbase
Vendor: CVE Published:; 11 September 2020

What is CVE-2020-25251?

An authentication flaw in Hyland OnBase allows unauthorized access to critical functions, including user management and sensitive data retrieval. The vulnerability arises from relying on client-side authentication, which can be exploited to manipulate user sessions. This affects various versions of the software, potentially compromising user data and overall system integrity.

References

https://seclists.org/fulldisclosure/2020/Sep/16

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2020
Vulnerability Reserved
Sep 11, 2020