Vulnerabilities > CVE-2022-26665 - Authorization Bypass Through User-Controlled Key vulnerability in Tylertech Odyssey Portal

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tylertech

CWE-639

NVD

Published: 2022-04-18

Updated: 2022-09-03

Summary

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records.

Vulnerable Configurations

Part	Description	Count
Application	Tylertech Tylertech Odyssey Portal *	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://www.judyrecords.com/what-happened-with-tyler-technologies
https://news.ycombinator.com/item?id=30502117
https://www.tylertech.com/dataharvest
https://www.judyrecords.com/info
https://www.calbar.ca.gov/About-Us/News/Data-Breach-Updates