Lucene search

9119a7d8-5eab-497f-8521-727c672e3725NVD:CVE-2023-6354

HistoryNov 30, 2023 - 6:15 p.m.

CVE-2023-6354

2023-11-3018:15:09

CWE-287

9119a7d8-5eab-497f-8521-727c672e3725

web.nvd.nist.gov

tyler technologies

magistrate court case management plus

remote attacker

file manipulation

pdfviewer.aspx

unauthenticated

cve-2023-6354

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

EPSS

0.001

Percentile

50.4%

JSON

Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx ‘filename’ parameter.

Affected configurations

Nvd

Node

tylertechcourt_case_management_plusMatch-

VendorProductVersionCPE
tylertechcourt_case_management_plus-cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tylertech	court_case_management_plus	-	cpe:2.3:a:tylertech:court_case_management_plus:-:::::::*

References

github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md

techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/

www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems

www.tylertech.com/solutions/courts-public-safety/courts-justice

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

EPSS

0.001

Percentile

50.4%

JSON

Related for NVD:CVE-2023-6354