CVE-2023-6375 - OpenCVE

Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tylertech	Court Case Management Plus

Configuration 1 [-]

cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md
https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/
https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems
https://www.tylertech.com/solutions/courts-public-safety/courts-justice

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published: 2023-11-30T17:54:25.462Z

Updated: 2024-08-02T08:28:21.804Z

Reserved: 2023-11-29T04:02:43.335Z

Link: CVE-2023-6375

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-30T18:15:09.523

Modified: 2023-12-06T17:11:21.693

Link: CVE-2023-6375

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6375", "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "state": "PUBLISHED", "assignerShortName": "cisa-cg", "dateReserved": "2023-11-29T04:02:43.335Z", "datePublished": "2023-11-30T17:54:25.462Z", "dateUpdated": "2024-08-02T08:28:21.804Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Court Case Management Plus", "vendor": "Tyler Technologies", "versions": [{"status": "affected", "version": "0"}]}], "datePublic": "2023-11-30T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.<br></div>"}], "value": "Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg", "dateUpdated": "2023-11-30T20:54:37.073Z"}, "references": [{"tags": ["product"], "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"}, {"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"}, {"tags": ["media-coverage"], "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"}, {"tags": ["third-party-advisory", "government-resource"], "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"}], "source": {"discovery": "UNKNOWN"}, "title": "Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:28:21.804Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"}, {"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md", "tags": ["x_transferred"]}, {"tags": ["media-coverage", "x_transferred"], "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"}, {"tags": ["third-party-advisory", "government-resource", "x_transferred"], "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tylertech:court_case_management_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "18DC47AF-E2C8-4744-8F29-EC58434B1735", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.\n\n\n"}, {"lang": "es", "value": "Tyler Technologies Court Case Management Plus puede almacenar copias de seguridad en una ubicaci\u00f3n a la que pueda acceder un atacante remoto no autenticado. Las copias de seguridad pueden contener informaci\u00f3n confidencial, como credenciales de bases de datos."}], "id": "CVE-2023-6375", "lastModified": "2023-12-06T17:11:21.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}, "published": "2023-11-30T18:15:09.523", "references": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Third Party Advisory"], "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Product"], "url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-552"}], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}