Vulnerabilities > CVE-2022-23342 - Unspecified vulnerability in Hyland Onbase
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems.
Vulnerable Configurations
References
- https://community.hyland.com/login?returnUrl=/connect/hyland-research-and-development/security-advisories/username-enumeration-in-onbase
- https://community.hyland.com/login?returnUrl=/connect/hyland-research-and-development/security-advisories/username-enumeration-in-onbase
- https://github.com/InitRoot/CVE-2022-23342
- https://github.com/InitRoot/CVE-2022-23342