#VU46712 Use of Hard-coded Cryptographic Key in OnBase - CVE-2020-25256

 

Published: September 11, 2020 / Updated: September 15, 2020


Vulnerability identifier: #VU46712
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-25256
CWE-ID: CWE-321
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: OnBase
Software vendor: Hyland Software

Description

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists because the affected software contains a number of hardcoded key materials, such as PKI certificates. A remote attacker can use these hardcoded certificates, which include the public and private keys, to encrypt and decrypt data.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
