Vulnerabilities > Tylertech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-6342 | Improper Authentication vulnerability in Tylertech Court Case Management Plus Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters. | 9.8 |
| 2023-11-30 | CVE-2023-6343 | Improper Authentication vulnerability in Tylertech Court Case Management Plus Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. | 5.3 |
| 2023-11-30 | CVE-2023-6344 | Improper Authentication vulnerability in Tylertech Court Case Management Plus Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. | 5.3 |
| 2023-11-30 | CVE-2023-6353 | Improper Authentication vulnerability in Tylertech Court Case Management Plus Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter. | 9.4 |
| 2023-11-30 | CVE-2023-6354 | Improper Authentication vulnerability in Tylertech Court Case Management Plus Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter. | 9.4 |
| 2023-11-30 | CVE-2023-6375 | Files or Directories Accessible to External Parties vulnerability in Tylertech Court Case Management Plus Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. | 7.5 |
| 2022-04-18 | CVE-2022-26665 | Authorization Bypass Through User-Controlled Key vulnerability in Tylertech Odyssey Portal An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. | 5.0 |
| 2020-05-13 | CVE-2019-16112 | Deserialization of Untrusted Data vulnerability in Tylertech Eagle 2018.3.11 TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI. | 6.5 |
| 2013-10-28 | CVE-2013-6285 | Information Exposure vulnerability in Tylertech Taxweb 3.13.3.1 The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020. | 5.0 |
| 2013-10-28 | CVE-2013-6020 | Information Exposure vulnerability in Tylertech Taxweb 3.13.3.1 passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application. | 5.8 |