Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Magistrate Court Case Management Plus by Tyler Technologies

    CVE-2023-6354 (GCVE-0-2023-6354)

    Vulnerability from nvd – Published: 2023-11-30 17:53 – Updated: 2024-08-02 08:28
    VLAI
    Title
    Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass
    Summary
    Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Date Public
    2023-11-30 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
              },
              {
                "tags": [
                  "government-resource",
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Magistrate Court Case Management Plus",
              "vendor": "Tyler Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2023-11-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eTyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T20:54:04.031Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
            },
            {
              "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
            },
            {
              "tags": [
                "government-resource",
                "third-party-advisory"
              ],
              "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2023-6354",
        "datePublished": "2023-11-30T17:53:26.147Z",
        "dateReserved": "2023-11-28T02:57:10.860Z",
        "dateUpdated": "2024-08-02T08:28:21.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6354 (GCVE-0-2023-6354)

    Vulnerability from cvelistv5 – Published: 2023-11-30 17:53 – Updated: 2024-08-02 08:28
    VLAI
    Title
    Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass
    Summary
    Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Date Public
    2023-11-30 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "product",
                  "x_transferred"
                ],
                "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
              },
              {
                "tags": [
                  "government-resource",
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Magistrate Court Case Management Plus",
              "vendor": "Tyler Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2023-11-30T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eTyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T20:54:04.031Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
            },
            {
              "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
            },
            {
              "tags": [
                "government-resource",
                "third-party-advisory"
              ],
              "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2023-6354",
        "datePublished": "2023-11-30T17:53:26.147Z",
        "dateReserved": "2023-11-28T02:57:10.860Z",
        "dateUpdated": "2024-08-02T08:28:21.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }