Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Civil and Criminal Electronic Filing by Tyler Technologies

    CVE-2023-6353 (GCVE-0-2023-6353)

    Vulnerability from nvd – Published: 2023-11-30 17:51 – Updated: 2025-08-25 19:55
    VLAI
    Title
    Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass
    Summary
    Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Date Public
    2023-11-30 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-25T19:55:05.941477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-25T19:55:12.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Civil and Criminal Electronic Filing",
              "vendor": "Tyler Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2023-11-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eTyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx \u0027enky\u0027 parameter.\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx \u0027enky\u0027 parameter.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T20:53:39.215Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
            },
            {
              "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
            },
            {
              "tags": [
                "third-party-advisory",
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2023-6353",
        "datePublished": "2023-11-30T17:51:10.531Z",
        "dateReserved": "2023-11-28T02:57:05.114Z",
        "dateUpdated": "2025-08-25T19:55:12.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6353 (GCVE-0-2023-6353)

    Vulnerability from cvelistv5 – Published: 2023-11-30 17:51 – Updated: 2025-08-25 19:55
    VLAI
    Title
    Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass
    Summary
    Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Date Public
    2023-11-30 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-25T19:55:05.941477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-25T19:55:12.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Civil and Criminal Electronic Filing",
              "vendor": "Tyler Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2023-11-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eTyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx \u0027enky\u0027 parameter.\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx \u0027enky\u0027 parameter.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T20:53:39.215Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
            },
            {
              "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
            },
            {
              "tags": [
                "third-party-advisory",
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2023-6353",
        "datePublished": "2023-11-30T17:51:10.531Z",
        "dateReserved": "2023-11-28T02:57:05.114Z",
        "dateUpdated": "2025-08-25T19:55:12.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }