Adaptive Security Vulnerabilities from fulldisclosure sec mailing list?

Ken_Piper
Star Contributor

Hi all - we have received 6 Security Vulnerability Reports via the FullDisclosure Vulnerability mailing list. These include:

DLL Hijacking
Path Traversal
Unity Client Malformed Image Denial Of Service
Hardcoded PKI Certificates And AES Key Material
Log Injection And Denial Of Service
Insufficient Authorization

I have reached out to support to identify any steps we can take to evaluate the severity of these vulnerabilities in our environment, and mitigate them, but has anyone here on community also looked at these reported vulnerabilities and have any further information?

Thank you,

Ken Piper

10 REPLIES

John_Howell
Confirmed Champ

Hi There-

Our Security Administrator on campus has also raised these security vulnerabilities. I will be watching this thread for any response from Hyland Support.

Thank you.

John Howell
Fresno State

Ken_Piper
Star Contributor

Hi John - it is my understanding that Sac St may also have contacted Hyland - found out after logging the support ticket and creating the forum post. 😉

Take care,

Ken Piper

SFSU

Ken_Piper
Star Contributor

The Hyland response we received to our ticket indicated that they will be performing some pen-testing and we have requested information regarding those results which they have said they will share, as well as any mitigation information/strategies.

Ken Piper

Systems Administrator

Information Technology Services (ITS) - San Francisco State University

John_Phelan
Confirmed Champ

Hyland has posted an official response to these alleged security issues. The most current update can be found in the R&D Blog on community at the following link: https://community.hyland.com/blog/posts/75935-recent-posts-regarding-alleged-onbase-vulnerabilities
