CVE-2023-6352

Опубликовано: 30 нояб. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.

Ссылки

https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
Exploit
Third Party Advisory
https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting
Vendor Advisory
https://www.aquaforest.com/blog/tiff-server-security-update
Vendor Advisory
https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf
Product
https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
Third Party Advisory
US Government Resource
https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
Exploit
Third Party Advisory
https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting
Vendor Advisory
https://www.aquaforest.com/blog/tiff-server-security-update
Vendor Advisory
https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf
Product
https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aquaforest:tiff_server:4.2.210913:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00466

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-vrfq-g4fq-7qwr