PT-2023-32620 · Tyler Technologies · Court Case Management Plus

Jason Parker · Published 2023-11-30 · Updated 2023-12-06 · CVE-2023-6344

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Court Case Management Plus (affected versions not specified)
Tyler Technologies Court Case Management Plus (affected versions not specified)

Description

The issue concerns insufficient permission checks in public court record platforms from multiple vendors, which allow unauthorized public access to sealed, confidential, and unreleased information. A specific instance involves Tyler Technologies Court Case Management Plus, where a remote, unauthenticated attacker can enumerate directories through the ifolder parameter of the tiffserver/te003.aspx or te004.aspx API endpoints.

Recommendations

For Court Case Management Plus, restrict access to the tiffserver/te003.aspx and te004.aspx API endpoints to prevent directory enumeration. For Tyler Technologies Court Case Management Plus, avoid using the ifolder parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
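
One way to check web server access logs for the enumeration pattern described above, given as an added example that is not part of the original advisory or any vendor tooling. The log field order, the sample lines and the `min_distinct` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Endpoints and parameter named in the advisory.
ENDPOINT_RE = re.compile(r"/tiffserver/te00[34]\.aspx$", re.IGNORECASE)
PARAM = "ifolder"

# Assumed field order (simplified W3C-style access log); adjust to your #Fields header.
FIELDS = ["date", "time", "c_ip", "method", "uri_stem", "uri_query", "status"]

# Constructed sample lines: documentation-range IPs, placeholder folder values.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2023-12-01 10:00:01 203.0.113.7 GET /tiffserver/te003.aspx ifolder=EXAMPLE_A 200
2023-12-01 10:00:02 203.0.113.7 GET /tiffserver/te003.aspx ifolder=EXAMPLE_B 200
2023-12-01 10:00:03 203.0.113.7 GET /tiffserver/te004.aspx IFolder=EXAMPLE_C 200
2023-12-01 10:00:04 203.0.113.7 GET /tiffserver/te004.aspx ifolder=EXAMPLE_A 200
2023-12-01 10:05:00 198.51.100.20 GET /tiffserver/te003.aspx ifolder=EXAMPLE_A 200
2023-12-01 10:05:01 198.51.100.20 GET /default.aspx - 200
"""

def find_enumeration(log_text, min_distinct=3):
    """Return {client_ip: sorted distinct ifolder values} for clients that hit
    the affected endpoints with at least min_distinct different folder values."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and log directives
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # skip lines that do not match the assumed layout
        rec = dict(zip(FIELDS, parts))
        if not ENDPOINT_RE.search(rec["uri_stem"]):
            continue
        # Match the parameter name case-insensitively.
        query = {k.lower(): v for k, v in
                 parse_qs(rec["uri_query"], keep_blank_values=True).items()}
        for value in query.get(PARAM, []):
            seen[rec["c_ip"]].add(value)
    return {ip: sorted(vals) for ip, vals in seen.items()
            if len(vals) >= min_distinct}

if __name__ == "__main__":
    for ip, folders in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(folders)} distinct {PARAM} values: {folders}")
```

A low threshold flags ordinary use of the endpoints, so tune `min_distinct` against a baseline of normal traffic before alerting on it.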

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2023-6344

Affected Products: Court Case Management Plus