Eli

**Name of the Vulnerable Software and Affected Versions** Catalis (previously Icon Software) CMS360 (affected versions not specified) **Description** The issue allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Henschen & Associates court document management software (affected versions not specified) **Description** The issue arises from insufficient randomization of file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents. This could potentially lead to unauthorized access to sealed, confidential, or unreleased court records. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.