CISA: Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems

cisa logo 002

Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems


CISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts. Affected systems include products from Tyler Technologies and Catalis and custom software used by specific counties in Florida. In summary, the vulnerabilities allow an unauthenticated, remote attacker to access sensitive documents by manipulating identifiers and file names in URLs. CISA understands that some of the vulnerabilities may have been mitigated. Further information is available in the researcher’s disclosure(link is external) and a corresponding article(link is external).

CISA encourages users and administrators to apply security updates as they become available for the following vulnerabilities:

Vulnerability Description 
Vulnerability

CVE-2023-6341(link is external)

Description 

Catalis CM360 allows authentication bypass.

Vulnerability

CVE-2023-6342(link is external)

Description 

Tyler Technologies Court Case Management Plus “pay for print” allows authentication bypass.

Vulnerability

CVE-2023-6343(link is external)

Description 

Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass.

Vulnerability

CVE-2023-6344(link is external)

Description 

Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass.

Vulnerability

CVE-2023-6352(link is external)

Description 

Aquaforest TIFF Server default configuration allows access to arbitrary files.

Vulnerability

CVE-2023-6353(link is external)

Description 

Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass.

Vulnerability

CVE-2023-6354(link is external)

Description 

Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass.

Vulnerability

CVE-2023-6375(link is external)

Description 

Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely.

Vulnerability

CVE-2023-6376(link is external)

Description 

Henschen & Associates court document management software cache uses predictable file names.


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.