CISA: Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems


CISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts. Affected systems include products from Tyler Technologies and Catalis and custom software used by specific counties in Florida. In summary, the vulnerabilities allow an unauthenticated, remote attacker to access sensitive documents by manipulating identifiers and file names in URLs. CISA understands that some of the vulnerabilities may have been mitigated. Further information is available in the researcher’s disclosure and a corresponding article.

CISA encourages users and administrators to apply security updates as they become available for the following vulnerabilities:

| Vulnerability | Description |
| --- | --- |
| CVE-2023-6341 | Catalis CM360 allows authentication bypass. |
| CVE-2023-6342 | Tyler Technologies Court Case Management Plus “pay for print” allows authentication bypass. |
| CVE-2023-6343 | Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass. |
| CVE-2023-6344 | Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass. |
| CVE-2023-6352 | Aquaforest TIFF Server default configuration allows access to arbitrary files. |
| CVE-2023-6353 | Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass. |
| CVE-2023-6354 | Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass. |
| CVE-2023-6375 | Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely. |
| CVE-2023-6376 | Henschen & Associates court document management software cache uses predictable file names. |
