Vulnerability Details : CVE-2023-6353
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.
Vulnerability category: BypassGain privilege
Products affected by CVE-2023-6353
- cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6353
0.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6353
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government | |
9.4
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
3.9
|
5.5
|
NIST |
CWE ids for CVE-2023-6353
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by:
- 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-6353
-
https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
disorder-in-the-court/README-TylerTechnologies.md at main · qwell/disorder-in-the-court · GitHubThird Party Advisory
-
https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunchPress/Media Coverage;Third Party Advisory
-
https://www.tylertech.com/solutions/courts-public-safety/courts-justice
Courts & Justice | Courts & Public Safety | Tyler TechnologiesProduct
-
https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems | CISAThird Party Advisory;US Government Resource
Jump to