SQL Injection Flaw in Hyland OnBase Software
CVE-2020-25254
9.8CRITICAL
What is CVE-2020-25254?
A SQL injection vulnerability has been identified in multiple versions of Hyland OnBase, potentially allowing an attacker to execute arbitrary SQL commands. The issue can be exploited through functions such as TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer. This vulnerability affects versions 16.0.2.83 and earlier, 17.0.2.109 and earlier, 18.0.0.37 and earlier, 19.8.16.1000 and earlier, and 20.3.10.1000 and earlier, making it essential for users to review their systems and apply necessary patches to mitigate risks.
