Vulnerability Details : CVE-2023-6375
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.
Products affected by CVE-2023-6375
- cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6375
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6375
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2023-6375
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)
-
The product makes files or directories accessible to unauthorized actors, even though they should not be.Assigned by:
- 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-6375
-
https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
disorder-in-the-court/README-TylerTechnologies.md at main · qwell/disorder-in-the-court · GitHubThird Party Advisory
-
https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunchPress/Media Coverage;Third Party Advisory
-
https://www.tylertech.com/solutions/courts-public-safety/courts-justice
Courts & Justice | Courts & Public Safety | Tyler TechnologiesProduct
-
https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems | CISAThird Party Advisory;US Government Resource
Jump to