Lucene search
K

178 matches found

Cvelist
Cvelist
added 2023/11/30 5:47 p.m.32 views

CVE-2023-6343 Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass

Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...

5.3CVSS5.6AI score0.00935EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/11/30 5:41 p.m.28 views

CVE-2023-6342 Tyler Technologies Court Case Management Plus "pay for print" allows authentication bypass

Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprintCM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01...

5.3CVSS9.6AI score0.0113EPSS
Exploits0References4
CVE
CVE
added 2023/11/30 5:41 p.m.42 views

CVE-2023-6342

The CVE-2023-6342 issue affects Tyler Technologies Court Case Management Plus. A remote attacker could authenticate as any user by manipulating parameters in CmWebSearchPfp/Login.aspx?xyzldk= and payforprint_CM/Redirector.ashx?userid=. The vulnerability’s impact is described as an authentication ...

9.8CVSS6.4AI score0.0113EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/30 5:41 p.m.14 views

CVE-2023-6342 Tyler Technologies Court Case Management Plus "pay for print" allows authentication bypass

Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprintCM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01...

5.3CVSS7.2AI score0.0113EPSS
Exploits0References4
CISA
CISA
added 2023/11/30 12:0 p.m.14 views

Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems

CISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts. Affected systems include products from Tyler Technologies and Catalis an...

9.8CVSS7.4AI score0.0113EPSS
Exploits2References11
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.7 views

Tyler Technologies Magistrate Court Case Management Plus Security Vulnerability

Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. An attacker could exploit the vulnerability to authenticate as any user...

9.8CVSS6.7AI score0.0113EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.4 views

Tyler Technologies Magistrate Court Case Management Plus Authorization Issue Vulnerability

Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. A remote attacker can use the "FN" and "PN" parameters of tiffserver/tssp.aspx ...

5.3CVSS6.8AI score0.00935EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.6 views

PT-2023-32619 · Tyler Technologies · Tyler Technologies Court Case Management Plus

Name of the Vulnerable Software and Affected Versions: Tyler Technologies Court Case Management Plus affected versions not specified Description: The issue concerns insufficient permission checks in public court record platforms, allowing unauthorized access to sealed, confidential, and unrelease...

5.3CVSS5.3AI score0.00935EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.4 views

Tyler Technologies Magistrate Court Case Management Plus Authorization Issue Vulnerability

Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. A remote attacker can exploit the vulnerability by enumerating directories usin...

5.3CVSS6.9AI score0.00935EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.5 views

Tyler Technologies Magistrate Court Case Management Plus Authorization Issue Vulnerability

Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. A remote attacker could use this vulnerability to upload, delete, and view file...

9.4CVSS6.8AI score0.00991EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.4 views

Tyler Technologies Magistrate Court Case Management Plus Security Vulnerability

Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus that originates from storing backups which may contain sensitive information suc...

7.5CVSS6.5AI score0.00997EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2023/10/24 2:54 p.m.14 views

1Password reports security incident after breach at Okta

Password manager 1Password says it’s been affected by a breach at Okta, but it reports no user data has been stolen. In a security incident report, 1Password says that a member of its IT team received an unexpected email suggesting they had initiated an Okta report of a list of admins. They hadnt...

7.2AI score
Exploits0
NCSC
NCSC
added 2022/10/19 12:0 a.m.10 views

Vulnerabilities fixed in Oracle Financial Services Applications

Vulnerabilities have been fixed in Oracle Financial Services Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code execution User righ...

9.8CVSS9.6AI score0.97906EPSS
Exploits29
CNVD
CNVD
added 2022/08/24 12:0 a.m.16 views

Pegasystem PEGA Platform Cross-Site Scripting Vulnerability (CNVD-2023-12002)

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM business process management, case management, real-time decision making and CRM customer relationship management.Pegasystem Pega Platform suffers...

6.1CVSS0.3AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/24 12:0 a.m.22 views

Pegasystem PEGA Platform Cross-Site Request Forgery Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM Business Process Management, Case Management, Real-Time Decision Making and CRM Customer Relationship Management.A cross-site request forgery...

6.8CVSS1.5AI score0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.5 views

Pegasystem PEGA Platform 跨站脚本漏洞

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications such as BPM business process management, case management, real-time decision making and CRM customer relationship management.Pegasystem PEGA Platform has a...

6.1CVSS6.2AI score0.00403EPSS
Exploits0References3
NCSC
NCSC
added 2022/04/20 12:0 a.m.34 views

Vulnerabilities fixed in Oracle Financial Services Applications

Oracle has fixed vulnerabilities in the following Financial Services applications: - Oracle Banking Deposits and Lines of Credit Servicing - Oracle Banking Enterprise Default Management - Oracle Banking Loans Servicing - Oracle Banking Party Management - Oracle Banking Payments - Oracle Banking...

9.8CVSS9.3AI score0.99677EPSS
Exploits117
NVD
NVD
added 2021/11/01 8:15 p.m.34 views

CVE-2021-31848

Cross site scripting XSS vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the...

8.4CVSS0.00786EPSS
Exploits0References1
Prion
Prion
added 2021/11/01 8:15 p.m.22 views

Cross site scripting

Cross site scripting XSS vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the...

3.5CVSS6AI score0.00786EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/01 7:25 p.m.29 views

CVE-2021-31848 Data Loss Prevention (DLP) ePO extension - Cross site scripting (XSS)

Cross site scripting XSS vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the...

8.4CVSS7.6AI score0.00786EPSS
Exploits0References1
Rows per page
Query Builder