178 matches found
CVE-2023-6343 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
CVE-2023-6342 Tyler Technologies Court Case Management Plus "pay for print" allows authentication bypass
Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprintCM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01...
CVE-2023-6342
The CVE-2023-6342 issue affects Tyler Technologies Court Case Management Plus. A remote attacker could authenticate as any user by manipulating parameters in CmWebSearchPfp/Login.aspx?xyzldk= and payforprint_CM/Redirector.ashx?userid=. The vulnerability’s impact is described as an authentication ...
CVE-2023-6342 Tyler Technologies Court Case Management Plus "pay for print" allows authentication bypass
Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprintCM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01...
Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems
CISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts. Affected systems include products from Tyler Technologies and Catalis an...
Tyler Technologies Magistrate Court Case Management Plus Security Vulnerability
Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. An attacker could exploit the vulnerability to authenticate as any user...
Tyler Technologies Magistrate Court Case Management Plus Authorization Issue Vulnerability
Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. A remote attacker can use the "FN" and "PN" parameters of tiffserver/tssp.aspx ...
PT-2023-32619 · Tyler Technologies · Tyler Technologies Court Case Management Plus
Name of the Vulnerable Software and Affected Versions: Tyler Technologies Court Case Management Plus affected versions not specified Description: The issue concerns insufficient permission checks in public court record platforms, allowing unauthorized access to sealed, confidential, and unrelease...
Tyler Technologies Magistrate Court Case Management Plus Authorization Issue Vulnerability
Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. A remote attacker can exploit the vulnerability by enumerating directories usin...
Tyler Technologies Magistrate Court Case Management Plus Authorization Issue Vulnerability
Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. A remote attacker could use this vulnerability to upload, delete, and view file...
Tyler Technologies Magistrate Court Case Management Plus Security Vulnerability
Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus that originates from storing backups which may contain sensitive information suc...
1Password reports security incident after breach at Okta
Password manager 1Password says it’s been affected by a breach at Okta, but it reports no user data has been stolen. In a security incident report, 1Password says that a member of its IT team received an unexpected email suggesting they had initiated an Okta report of a list of admins. They hadnt...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User righ...
Pegasystem PEGA Platform Cross-Site Scripting Vulnerability (CNVD-2023-12002)
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM business process management, case management, real-time decision making and CRM customer relationship management.Pegasystem Pega Platform suffers...
Pegasystem PEGA Platform Cross-Site Request Forgery Vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM Business Process Management, Case Management, Real-Time Decision Making and CRM Customer Relationship Management.A cross-site request forgery...
Pegasystem PEGA Platform 跨站脚本漏洞
Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM business process management, case management, real-time decision making and CRM customer relationship management.Pegasystem PEGA Platform has a...
Vulnerabilities fixed in Oracle Financial Services Applications
Oracle has fixed vulnerabilities in the following Financial Services applications: - Oracle Banking Deposits and Lines of Credit Servicing - Oracle Banking Enterprise Default Management - Oracle Banking Loans Servicing - Oracle Banking Party Management - Oracle Banking Payments - Oracle Banking...
CVE-2021-31848
Cross site scripting XSS vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the...
Cross site scripting
Cross site scripting XSS vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the...
CVE-2021-31848 Data Loss Prevention (DLP) ePO extension - Cross site scripting (XSS)
Cross site scripting XSS vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the...