Lucene search

[email protected]NVD:CVE-2022-26665

HistoryApr 18, 2022 - 3:15 p.m.

CVE-2022-26665

2022-04-1815:15:08

CWE-639

[email protected]

web.nvd.nist.gov

cve-2022-26665

external access

sensitive records access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

65.4%

JSON

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records.

Affected configurations

Nvd

Node

tylertechodyssey_portalRange<17.1.20

VendorProductVersionCPE
tylertechodyssey_portal*cpe:2.3:a:tylertech:odyssey_portal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tylertech	odyssey_portal	*	cpe:2.3:a:tylertech:odyssey_portal::::::::

References

news.ycombinator.com/item?id=30502117

www.calbar.ca.gov/About-Us/News/Data-Breach-Updates

www.judyrecords.com/info

www.judyrecords.com/what-happened-with-tyler-technologies

www.tylertech.com/dataharvest

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

65.4%

JSON

Related for NVD:CVE-2022-26665

cve1 cnvd1 cvelist1 prion1