Vulnerability Details: CVE-2023-6341
Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation.
Products affected by CVE-2023-6341
- cpe:2.3:a:catalisgov:cms360:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6341
- 0.17%: Probability of exploitation activity in the next 30 days
- ~55%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6341
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2023-6341
- The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
  Assigned by:
  - 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-6341
- https://catalisgov.com/courts-land-records-support/
  Courts & Land Records Solutions for Government from Catalis (Product)
- https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
  Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch (Third Party Advisory)
- https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
  Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems | CISA (Third Party Advisory; US Government Resource)
- https://github.com/qwell/disorder-in-the-court/blob/main/README-Catalis.md
  disorder-in-the-court/README-Catalis.md at main · qwell/disorder-in-the-court · GitHub (Third Party Advisory)