Vulnerability Details : CVE-2023-6343
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2023-6343
- cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6343
- 0.47%: probability of exploitation activity in the next 30 days
- ~75%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2023-6343
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2023-6343
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
  Assigned by:
  - 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-6343
- https://www.aquaforest.com/blog/tiff-server-security-update
  Tiff Server security update - Aquaforest (Vendor Advisory)
- https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
  disorder-in-the-court/README-TylerTechnologies.md at main · qwell/disorder-in-the-court · GitHub (Third Party Advisory)
- https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting
  TIFF Server Sunsetting (Vendor Advisory)
- https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
  Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch (Press/Media Coverage; Third Party Advisory)
- https://www.tylertech.com/solutions/courts-public-safety/courts-justice
  Courts & Justice | Courts & Public Safety | Tyler Technologies (Product)
- https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
  Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems | CISA (Third Party Advisory; US Government Resource)