Overview
- Description
- An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-502
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hyland:onbase:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8676658E-9F96-4213-9062-119274A085A4",
"versionEndIncluding": "16.0.2.83"
},
{
"criteria": "cpe:2.3:a:hyland:onbase:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46DE98EF-38B4-4C32-8FF1-54D1733771AC",
"versionEndIncluding": "17.0.2.109",
"versionStartIncluding": "17.0.0.0"
},
{
"criteria": "cpe:2.3:a:hyland:onbase:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CFEE664C-014B-4B42-8DA2-86617D8E279E",
"versionEndIncluding": "18.0.0.37",
"versionStartIncluding": "18.0.0.0"
},
{
"criteria": "cpe:2.3:a:hyland:onbase:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78E72BFC-F30C-45FF-9253-2CF1FF633B82",
"versionEndIncluding": "19.8.16.1000",
"versionStartIncluding": "19.0.0.0"
},
{
"criteria": "cpe:2.3:a:hyland:onbase:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "966A05D7-1D0A-4618-9DFC-8F1A062D3DC6",
"versionEndIncluding": "20.3.10.1000",
"versionStartIncluding": "20.0.0.0"
}
],
"operator": "OR"
}
]
}
]