Hyland OnBase 19.x and below – Insecure Deserialization

Posted by AdaptiveSecurity Consulting via Fulldisclosure on Sep 08

CVSSv3.1 Score
————————————————-
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vendor
————————————————-
Hyland Software – (https://www.hyland.com/en/ and https://www.onbase.com/en/)

Product
————————————————-
Hyland OnBase
All derivatives based on OnBase

Versions Affected
————————————————-
All versions up to and prior to OnBase…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source