Vulnerabilities > CVE-2022-23342 - Unspecified vulnerability in Hyland Onbase

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

hyland

NVD

Published: 2022-06-21

Updated: 2022-06-29

Summary

The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems.

Vulnerable Configurations

Part	Description	Count
Application	Hyland Hyland Onbase - Hyland Onbase 16.0.0.0 Hyland Onbase 16.0.2.83 Hyland Onbase 17.0.0.0 Hyland Onbase 17.0.2.109 Hyland Onbase 18.0.0.0 Hyland Onbase 18.0.0.32 Hyland Onbase 18.0.0.37 Hyland Onbase 19.0.0.0 Hyland Onbase 19.8.9.1000 Hyland Onbase 19.8.16.1000 Hyland Onbase 20.0.0.0 Hyland Onbase 20.3.10.1000 Hyland Onbase 21.1.1.1000 Hyland Onbase 21.1.15.1000	15

Summary

Vulnerable Configurations

References