Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Magistrate Court Case Management Plus by Tyler Technologies
CVE-2023-6354 (GCVE-0-2023-6354)
Vulnerability from nvd – Published: 2023-11-30 17:53 – Updated: 2024-08-02 08:28
VLAI?
Title
Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass
Summary
Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.
Severity ?
5.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tyler Technologies | Magistrate Court Case Management Plus |
Affected:
0
|
Date Public ?
2023-11-30 17:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"government-resource",
"third-party-advisory",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Magistrate Court Case Management Plus",
"vendor": "Tyler Technologies",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2023-11-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eTyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:54:04.031Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"government-resource",
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-6354",
"datePublished": "2023-11-30T17:53:26.147Z",
"dateReserved": "2023-11-28T02:57:10.860Z",
"dateUpdated": "2024-08-02T08:28:21.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6354 (GCVE-0-2023-6354)
Vulnerability from cvelistv5 – Published: 2023-11-30 17:53 – Updated: 2024-08-02 08:28
VLAI?
Title
Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass
Summary
Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.
Severity ?
5.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tyler Technologies | Magistrate Court Case Management Plus |
Affected:
0
|
Date Public ?
2023-11-30 17:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"government-resource",
"third-party-advisory",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Magistrate Court Case Management Plus",
"vendor": "Tyler Technologies",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2023-11-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eTyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:54:04.031Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"government-resource",
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-6354",
"datePublished": "2023-11-30T17:53:26.147Z",
"dateReserved": "2023-11-28T02:57:10.860Z",
"dateUpdated": "2024-08-02T08:28:21.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}