CVE-2020-25251
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.
Se detectó un problema en Hyland OnBase versión 16.0.2.83 e inferior, versión 17.0.2.109 e inferior, versión 18.0.0.37 e inferior, versión 19.8.16.1000 e inferior y versión 20.3.10.1000 e inferior. La autenticación del lado del cliente se utiliza para funciones críticas como la adición de usuarios o la recuperación de información sensible
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-09-11 CVE Reserved
- 2020-09-11 CVE Published
- 2023-05-27 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://seclists.org/fulldisclosure/2020/Sep/16 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hyland Search vendor "Hyland" | Onbase Search vendor "Hyland" for product "Onbase" | <= 16.0.2.83 Search vendor "Hyland" for product "Onbase" and version " <= 16.0.2.83" | - |
Affected
| ||||||
| Hyland Search vendor "Hyland" | Onbase Search vendor "Hyland" for product "Onbase" | >= 17.0.0.0 <= 17.0.2.109 Search vendor "Hyland" for product "Onbase" and version " >= 17.0.0.0 <= 17.0.2.109" | - |
Affected
| ||||||
| Hyland Search vendor "Hyland" | Onbase Search vendor "Hyland" for product "Onbase" | >= 18.0.0.0 <= 18.0.0.37 Search vendor "Hyland" for product "Onbase" and version " >= 18.0.0.0 <= 18.0.0.37" | - |
Affected
| ||||||
| Hyland Search vendor "Hyland" | Onbase Search vendor "Hyland" for product "Onbase" | >= 19.0.0.0 <= 19.8.16.1000 Search vendor "Hyland" for product "Onbase" and version " >= 19.0.0.0 <= 19.8.16.1000" | - |
Affected
| ||||||
| Hyland Search vendor "Hyland" | Onbase Search vendor "Hyland" for product "Onbase" | >= 20.0.0.0 <= 20.3.10.1000 Search vendor "Hyland" for product "Onbase" and version " >= 20.0.0.0 <= 20.3.10.1000" | - |
Affected
| ||||||