09-15-2020 12:55 PM
Hi all - we have received 6 Security Vulnerability Reports via the FullDisclosure Vulnerability mailing list. These include:
DLL Hijacking
Path Traversal
Unity Client Malformed Image Denial Of Service
Hardcoded PKI Certificates And AES Key Material
Log Injection And Denial Of Service
Insufficient Authorization
I have reached out to support to identify any steps we can take to evaluate the severity of these vulnerabilities in our environment, and mitigate them, but has anyone here on community also looked at these reported vulnerabilities and have any further information?
Thank you,
Ken Piper
09-15-2020 01:22 PM
Hi There-
Our Security Administrator on campus has also raised these security vulnerabilities. I will be watching this thread for any response from Hyland Support.
Thank you.
John Howell
Fresno State
09-15-2020 02:49 PM
Hi John - it is my understanding that Sac St may also have contacted Hyland - found out after logging the support ticket and creating the forum post. 😉
Take care,
Ken Piper
SFSU
09-16-2020 10:33 AM
The Hyland response we received to our ticket indicated that they will be performing some pen-testing and we have requested information regarding those results which they have said they will share, as well as any mitigation information/strategies.
Ken Piper
Systems Administrator
Information Technology Services (ITS) - San Francisco State University
09-16-2020 02:26 PM
Hyland has posted an official response to these alleged security issues. The most current update can be found in the R&D Blog on community at the following link: https://community.hyland.com/blog/posts/75935-recent-posts-regarding-alleged-onbase-vulnerabilities