CVE-2020-25252

HIGH

Hyland OnBase < 16.0.2.83, <= 17.0.2.109, <= 18.0.0.37, <= 19.8.16.1000, <= 20.3.10.1000 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account).

References (1)

Core 1
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/Sep/9

Scores

CVSS v3 8.8
EPSS 0.0051
EPSS Percentile 39.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
hyland/onbase < 16.0.2.83
Published Sep 11, 2020
Tracked Since Feb 18, 2026