Kevin_Basista
Champ in-the-making

Recently, a critical vulnerability was discovered in OnBase. It was communicated to our customers in the March Security Bulletin Summary, as Bulletin #201502-214906. Our monthly Security Bulletin Summary is sent to customers who have opted in to receive it. You can opt in to receive Security Bulletins by going to your profile settings in Community and checking the “Enable Security Bulletins” option.

Below is a summary of the information contained in the bulletin:

Affected Products and Versions:

Application Server, Medical Records Management Solution:

10.0.0.1 - 10.0.1.265

11.0.0.1 - 11.0.3.338

12.0.0.1 - 12.0.3.345

13.0.0.1 - 13.0.2.275

14.0.0.1 - 14.0.1.119

15.0.0.1 - 15.0.0.7

Fixed Versions:

Application Server, Medical Records Management Solution:

10.0.2.266 +

11.0.4.339 +

12.0.4.346 +

13.0.3.276 +

14.0.2.127 +

15.0.0.8 +

Summary of Risk:

This vulnerability allows an unauthenticated attacker to upload files to the application server, which could lead to code execution under the privileges of the Windows account that runs Microsoft Internet Information Services (IIS). This could allow an attacker to perform actions such as serving malicious content to users over the web, running programs or other malicious code on the application server, or accessing data stored on the application server to which the running user has permissions. Due to the scope of the possible risks, this issue has a severity rating of critical.

However, as mentioned previously, the attacker will be limited to the privileges of the Windows user that runs the Application Server process in IIS. If that Windows user has a limited set of permissions, and in particular cannot write files to the Application Server directories, the scope of malicious actions an attacker can perform is significantly reduced.

Steps to Remediate:

It is highly recommended that you update to a version of OnBase listed under the Fixed Versions section above.

If you are currently unable to upgrade, we recommend changing the privileges of the account running the application server to disable write privileges to sensitive directories such as the web root and temp directories as a temporary measure until upgrading is possible. This will not mitigate all risks associated with the vulnerability, but can help prevent an attacker from compromising the application server.

If you have any questions regarding this vulnerability, do not hesitate to reach out to your first point of contact and get in touch with our team.
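
To check the temporary mitigation described under Steps to Remediate, the following audit script lists the Allow entries that still let the IIS account create files in the directories you name. It is an added example, not code from the bulletin or from the vendor; the function name, directory paths, application pool name and group list are assumptions to replace with the values from your own deployment.

```powershell
# Added example (not vendor code). Lists Allow ACEs that grant file or
# directory creation to the given identities. It reads explicit ACL entries
# only: Deny ACEs and group nesting are not resolved, so pass the service
# account together with every group it belongs to.
function Get-WriteAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [Parameter(Mandatory)] [string[]] $Identity
    )
    # WriteData = create files, AppendData = create subdirectories.
    # Write, Modify and FullControl all contain these bits.
    $fsr  = [System.Security.AccessControl.FileSystemRights]
    $mask = [int]($fsr::WriteData -bor $fsr::AppendData)
    # Inherit-only ACEs may carry raw generic bits instead of file rights.
    $generic = 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Path not found, skipped: $p"
            continue
        }
        foreach ($ace in (Get-Acl -LiteralPath $p).Access) {
            $rights      = [int]$ace.FileSystemRights
            $grantsWrite = ($rights -band $mask) -or ($rights -band $generic)
            if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
                $Identity -contains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    Path      = $p
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Placeholder values (assumptions): web root, temp directory, app pool name.
$dirs = 'C:\inetpub\wwwroot\AppServer', 'C:\Windows\Temp'
$ids  = 'IIS APPPOOL\AppServerPool', 'BUILTIN\IIS_IUSRS', 'BUILTIN\Users',
        'Everyone', 'NT AUTHORITY\Authenticated Users'
Get-WriteAce -Path $dirs -Identity $ids | Format-Table -AutoSize
```

An empty result means none of the listed identities holds an explicit write grant on those directories; any row returned is an entry to remove or narrow until the upgrade is in place.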