Lucene search

Cisa-cgCVELIST:CVE-2023-6353

HistoryNov 30, 2023 - 5:51 p.m.

CVE-2023-6353 Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass

2023-11-3017:51:10

CWE-287

cisa-cg

www.cve.org

cve-2023-6353

tyler technologies

electronic filing

upload.aspx

authentication bypass

remote attacker

file manipulation

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.5%

JSON

Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx ‘enky’ parameter.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Civil and Criminal Electronic Filing",
    "vendor": "Tyler Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

References

github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md

techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/

www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems

www.tylertech.com/solutions/courts-public-safety/courts-justice

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.5%

JSON

Related for CVELIST:CVE-2023-6353