CVE-2023-6354

Опубликовано: 30 нояб. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 9.4

EPSS Низкий

Описание

Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.

Ссылки

https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
Third Party Advisory
https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
Press/Media Coverage
Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
Third Party Advisory
US Government Resource
https://www.tylertech.com/solutions/courts-public-safety/courts-justice
Product
https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
Third Party Advisory
https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
Press/Media Coverage
Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
Third Party Advisory
US Government Resource
https://www.tylertech.com/solutions/courts-public-safety/courts-justice
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01044

Низкий

5.3 Medium

CVSS3

9.4 Critical

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-vq53-8c3w-p2fr

CVSS3: 5.3

github

около 2 лет назад

Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.

EPSS

Процентиль: 77%

0.01044

Низкий

5.3 Medium

CVSS3

9.4 Critical

CVSS3

Дефекты

CWE-287