Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass
CVE-2023-6354

9.4CRITICAL

Key Information:

Vendor

Tyler Technologies

Status
Magistrate Court Case Management Plus
Vendor
CVE Published:
30 November 2023

What is CVE-2023-6354?

Tyler Technologies Magistrate Court Case Management Plus is vulnerable to unauthorized actions due to improper validation of the 'filename' parameter in PDFViewer.aspx. This security loophole allows unauthenticated remote attackers to upload, delete, and view sensitive documents, potentially compromising court records and other critical files. As such vulnerabilities pose substantial risks to data privacy and integrity, it’s essential for users to apply security updates and follow best practices for protecting sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Magistrate Court Case Management Plus 0

References

https://www.tylertech.com/solutions/courts-public-safety/...
product
https://github.com/qwell/disorder-in-the-court/blob/main/...
https://techcrunch.com/2023/11/30/us-court-records-system...
media-coverage

CVSS V3.1

Score:
9.4
Severity:
CRITICAL
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.