CVE-2022-26665

Опубликовано: 18 апр. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records.

Ссылки

https://news.ycombinator.com/item?id=30502117
Third Party Advisory
https://www.calbar.ca.gov/About-Us/News/Data-Breach-Updates
Issue Tracking
Third Party Advisory
US Government Resource
https://www.judyrecords.com/info
Third Party Advisory
https://www.judyrecords.com/what-happened-with-tyler-technologies
Exploit
Technical Description
Third Party Advisory
https://www.tylertech.com/dataharvest
Issue Tracking
Vendor Advisory
https://news.ycombinator.com/item?id=30502117
Third Party Advisory
https://www.calbar.ca.gov/About-Us/News/Data-Breach-Updates
Issue Tracking
Third Party Advisory
US Government Resource
https://www.judyrecords.com/info
Third Party Advisory
https://www.judyrecords.com/what-happened-with-tyler-technologies
Exploit
Technical Description
Third Party Advisory
https://www.tylertech.com/dataharvest
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tylertech:odyssey_portal:*:*:*:*:*:*:*:*

Версия до 17.1.20 (исключая)

EPSS

Процентиль: 65%

0.00487

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-ppx8-vp24-fwpx