All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a data import denial of service vulnerability.
046320e0b05a912056cc48fa9bb42c862a7481c4d6ff574bd3c434b1abc4e223
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from an arbitrary file upload vulnerability.
73f58c444371c240444b5a1298b127bc7083b9a6ceedbd305c49dcca16f44ec3
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from XML external entity injection vulnerabilities.
3dacee5179c39144a77b9148d96722655bd370a5195ee7c7ad75ced5ba541521
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) perform insecure deserialization practices that can lead to code execution.
1c375814061beaed31c9020dfa7b49bcc04ff9b02a06da5c105e9c46bc4d1c5d
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from path traversal vulnerabilities.
c0aa119646df1f1df347e0bc1206a9b1b51ac0409f37d75183a62d7a63c2fe9b
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from DLL hijacking vulnerabilities.
e49dbe918cc882495411b7160b3cc81912c518a3099cb02384eb64640bd70ee5
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a Unity client malformed image denial of service vulnerability.
9a7be3d75ecad9e4daffb25ac6ee49d70285b846896c5532dc4f8594c41e708c
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from having hardcoded PKI certificates and AES key material.
bc727c3205ab555062293ad759e22da0cf8f20c066816e52a61482e53fa247cf
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from log injection vulnerabilities.
a48e63cf7f4fd470753b57ad80a193df8afba0c05a5bd54b3d1d491b9d27386c
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from an insufficient authorization vulnerability.
4c0e7d78dacd09e0ddf5fe24f698a06253aa5a8a27c76352d1576fb6ee7c7124
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from cross site request forgery vulnerabilities.
b83e315aa3cdcb74476b6676b4b10d4f8fe0564ad863af190cc764e742051d47
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from an insufficient logging vulnerability due to client-side enforcement.
e2e4ea911a0df0f9d26138b96ced126c65fbab9a191f866f72aaa2ebe7f277f3
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a multitude of remote SQL injection vulnerabilities.
c0b7adf784ee96968a327fe89aa2b4c947205685d73dfef19a6b729e6c80f341