Description
Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.
References
- Third Party Advisory
- https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/ (Press/Media Coverage, Third Party Advisory)
- Third Party Advisory, US Government Resource
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*
EPSS
Percentile: 76%
0.00967
Low
5.3 Medium
CVSS3
9.8 Critical
CVSS3
Weaknesses
CWE-287
CWE-287
Related vulnerabilities
CVSS3: 5.3
github
about 2 years ago
Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.