#VU46716 Insufficient Logging in OnBase - CVE-2020-25249

 


Published: September 11, 2020 / Updated: September 15, 2020


Vulnerability identifier: #VU46716
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-25249
CWE-ID: CWE-778
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: OnBase
Software vendor: Hyland Software

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected software relies on the client side to log failures. A remote attacker can use clients such as the Unity Client, drop the "log" request that is sent to the server and write arbitrary data to the server logs.
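
The design flaw described above, shown as an added Python example; it is not OnBase code or part of the original advisory. All names (`login_client_reports`, `login_server_logs`, `client_log_request`, `audit`) and the sample account are hypothetical. It contrasts a server that expects the client to report failures with one that records them itself and treats client-submitted log text as untrusted.

```python
import hashlib
import hmac

SALT = b"constructed-salt"   # constructed sample value
AUDIT_LOG = []               # stands in for the server's audit trail

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _kdf("correct horse")}   # constructed sample account

def _check(username, password):
    return hmac.compare_digest(USERS.get(username, b""), _kdf(password))

def _clean(value, limit=200):
    """Escape CR/LF and other control characters so one value cannot forge extra log lines."""
    return "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in str(value))[:limit]

def audit(source, event, **fields):
    """Append one record; `source` is set by server code, never taken from a request."""
    detail = " ".join(f"{k}={_clean(v)!r}" for k, v in sorted(fields.items()))
    AUDIT_LOG.append(f"source={source} event={event} {detail}")

def login_client_reports(username, password):
    """Weak pattern: the server only returns the result and expects the
    client to send a separate "log" request when the login fails."""
    return _check(username, password)

def login_server_logs(username, password, peer):
    """Corrected pattern: the server records the failure where it makes the decision,
    so a client that drops its own "log" request cannot hide the event."""
    ok = _check(username, password)
    if not ok:
        audit("server", "login_failure", user=username, peer=peer)
    return ok

def client_log_request(message, peer):
    """Client-submitted text is kept for diagnostics, but tagged as untrusted
    and escaped so it cannot pass for a server-generated record."""
    audit("client-untrusted", "client_report", peer=peer, message=message)
```

Detection and alerting should key on `source=server` records only; `client-untrusted` entries are diagnostic hints, not evidence.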


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links