Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and
'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisa-cg
Published: 2023-11-30T17:41:13.229Z
Updated: 2024-08-02T08:28:21.820Z
Reserved: 2023-11-27T22:29:22.709Z
Link: CVE-2023-6342
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-11-30T18:15:08.380
Modified: 2023-12-06T18:19:36.663
Link: CVE-2023-6342
Redhat
No data.