Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Hyland Onbase Application Server 安全漏洞
Vulnerability Description
Hyland Onbase Application Server是美国Hyland公司的一个企业信息平台服务器。旨在管理内容、流程和案例。 Hyland Onbase Application Server 20.3.58.1000之前版本、Onbase 21.1.1.1000版本至21.1.15.1000版本存在安全漏洞。攻击者利用该漏洞通过向 /mobilebroker/ServiceToBroker.svc/Json/Connect 端点发送 POST 登录请求,从而获取有效用户的枚举值。
CVSS Information
N/A
Vulnerability Type
N/A