CVE-2023-6343

🗓️ 30 Nov 2023 18:08:15Reported by cisa-cgType

cve🔗 web.nvd.nist.gov📰️ 20 Media mentions👁 19 Views🌐 WEB

Tyler Technologies Court Case Management Plus: Remote File Acces

Reporter	Title	Published	Views	Family All 16
Prion	Design/Logic Flaw	30 Nov 202318:15	–	prion
Prion	Default configuration	30 Nov 202318:15	–	prion
Prion	Design/Logic Flaw	18 Mar 202014:15	–	prion
Prion	Authentication flaw	30 Nov 202318:15	–	prion
Cvelist	CVE-2023-6343 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass	30 Nov 202317:47	–	cvelist
Cvelist	CVE-2023-6344 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass	30 Nov 202317:48	–	cvelist
Cvelist	CVE-2020-9323	18 Mar 202013:11	–	cvelist
Cvelist	CVE-2023-6352 Aquaforest TIFF Server default configuration allows access to arbitrary files	30 Nov 202318:01	–	cvelist
NVD	CVE-2023-6343	30 Nov 202318:15	–	nvd
NVD	CVE-2023-6344	30 Nov 202318:15	–	nvd

Nvd

Node

tylertech court_case_management_plusMatch-

[
  {
    "defaultStatus": "unknown",
    "product": "Court Case Management Plus",
    "vendor": "Tyler Technologies",
    "versions": [
      {
        "lessThan": "~2023-11-01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
tylertech	www.tylertech.com/solutions/courts-public-safety/courts-justice
aquaforest	www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting
techcrunch	www.techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
aquaforest	www.aquaforest.com/blog/tiff-server-security-update
cisa	www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems

Parameter	Position	Path	Description	CWE
FN	query param	/tiffserver/tssp.aspx	Remote, unauthenticated file enumeration and access vulnerability using 'FN' and 'PN' query parameters.	CWE-287
PN	query param	/tiffserver/tssp.aspx	Remote, unauthenticated file enumeration and access vulnerability using 'FN' and 'PN' query parameters.	CWE-287

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 Nov 2023 18:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS35.3

EPSS0.00659

CWE-287