CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2023-5502 (GCVE-0-2023-5502)
Vulnerability from cvelistv5 – Published: 2026-06-04 22:39 – Updated: 2026-06-05 18:30 – CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS | Affected: 4.31.0, ≤ 4.31.0F (custom); Affected: 4.30.0, ≤ 4.30.4M (custom); Affected: 4.29.0, ≤ 4.29.6M (custom); Affected: 4.28.0, ≤ 4.28.8M (custom); Affected: 4.27.0, ≤ 4.27.11M (custom); Affected: 4.26.0, ≤ 4.26.11M (custom); Affected: 4.25.0, ≤ 4.25.11M (custom); Affected: 4.24.0, ≤ 4.24.11M (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T18:30:41.122247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T18:30:54.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"7020R Series",
"7280R/R2 Series",
"7500R/R2 Series",
"7280E Series",
"7500E Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.31.0F",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.4M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.6M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.8M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.11M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.11M",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.11M",
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.11M",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2023-5502, either of the following configuration conditions must be met:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCondition 1: Dot1x authentication must be configured:\u003c/strong\u003e\u003c/p\u003e\u003cpre\u003edot1x system-auth-control\ninterface Ethernet1\n dot1x pae authenticator\n dot1x port-control auto\n !! One of the two configuration lines below MUST be set\n dot1x host-mode single-host\n dot1x host-mode multi-host authenticated\ninterface Vlan100\n ip address 1.1.1.1/24\n ip routing\u003c/pre\u003e\u003cbr\u003e\u003cp\u003e\u003cstrong\u003eCondition 2: 802.1x configured in any host mode with MBA:\u003c/strong\u003e\u003c/p\u003e\u003cpre\u003edot1x system-auth-control\ninterface Ethernet1\n dot1x pae authenticator\n dot1x port-control auto\n dot1x mac based authentication\n !! One of the three configuration lines below MUST be set\n dot1x host-mode single-host\n dot1x host-mode multi-host authenticated\n dot1x host-mode multi-host\ninterface Vlan100\n ip address 1.1.1.1/24\n ip routing\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2023-5502, either of the following configuration conditions must be met:\n\nCondition 1: Dot1x authentication must be configured:\n\ndot1x system-auth-control\ninterface Ethernet1\n dot1x pae authenticator\n dot1x port-control auto\n !! One of the two configuration lines below MUST be set\n dot1x host-mode single-host\n dot1x host-mode multi-host authenticated\ninterface Vlan100\n ip address 1.1.1.1/24\n ip routing\n\nCondition 2: 802.1x configured in any host mode with MBA:\n\ndot1x system-auth-control\ninterface Ethernet1\n dot1x pae authenticator\n dot1x port-control auto\n dot1x mac based authentication\n !! One of the three configuration lines below MUST be set\n dot1x host-mode single-host\n dot1x host-mode multi-host authenticated\n dot1x host-mode multi-host\ninterface Vlan100\n ip address 1.1.1.1/24\n ip routing"
}
],
"datePublic": "2024-05-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eOn affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T22:39:34.101Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19462-security-advisory-0096"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2023-5502 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.32.0F and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.3M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.5M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.7M and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eNote: Products 7280E and 7500E are EOL, and there are no released versions of EOS which fix the issue on those platforms.\u003c/p\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2023-5502 has been fixed in the following releases:\n * 4.32.0F and later releases in the 4.32.x train\n * 4.31.3M and later releases in the 4.31.x train\n * 4.30.5M and later releases in the 4.30.x train\n * 4.29.7M and later releases in the 4.29.x train\n\nNote: Products 7280E and 7500E are EOL, and there are no released versions of EOS which fix the issue on those platforms."
}
],
"source": {
"advisory": "0096",
"defect": [
"BUG 862986"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, a malicious supplicant may bypass authentication.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMitigation of this vulnerability requires disabling dot1x. Dot1x can be disabled globally using the following command:\u003c/p\u003e\u003cpre\u003eno dot1x system-auth-control\u003c/pre\u003e"
}
],
"value": "Mitigation of this vulnerability requires disabling dot1x. Dot1x can be disabled globally using the following command:\n\nno dot1x system-auth-control"
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-5502",
"datePublished": "2026-06-04T22:39:34.101Z",
"dateReserved": "2023-10-10T15:58:04.589Z",
"dateUpdated": "2026-06-05T18:30:54.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5830 (GCVE-0-2023-5830)
Vulnerability from cvelistv5 – Published: 2023-10-27 20:31 – Updated: 2024-09-09 17:57 – CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://vuldb.com/?id.243729 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.243729 | signature, permissions-required |
| Vendor | Product | Version | |
|---|---|---|---|
| ColumbiaSoft | Document Locator | Affected: n/a | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.243729"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.243729"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T17:57:01.356483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T17:57:22.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"WebTools"
],
"product": "Document Locator",
"vendor": "ColumbiaSoft",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Micah Van Deusen"
},
{
"lang": "en",
"type": "finder",
"value": "Matt Biedronski"
},
{
"lang": "en",
"type": "analyst",
"value": "mvdeusen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in ColumbiaSoft Document Locator entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /api/authentication/login der Komponente WebTools. Mit der Manipulation des Arguments Server mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 7.2 SP4 and 2021.1 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T20:31:06.511Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.243729"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.243729"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-10-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-27T15:59:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "ColumbiaSoft Document Locator WebTools login improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5830",
"datePublished": "2023-10-27T20:31:06.511Z",
"dateReserved": "2023-10-27T13:53:45.876Z",
"dateUpdated": "2024-09-09T17:57:22.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5970 (GCVE-0-2023-5970)
Vulnerability from cvelistv5 – Published: 2023-12-05 20:20 – Updated: 2024-08-02 08:14 – CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SMA 200",
"SMA 210",
"SMA 400",
"SMA 410",
"SMA 500v"
],
"product": "SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "10.2.1.9-57sv and earlier versions"
}
]
}
],
"datePublic": "2023-12-05T17:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass."
}
],
"value": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T20:20:01.534Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018"
}
],
"source": {
"advisory": "SNWLID-2023-0018",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2023-5970",
"datePublished": "2023-12-05T20:20:01.534Z",
"dateReserved": "2023-11-06T17:14:04.677Z",
"dateUpdated": "2024-08-02T08:14:25.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6248 (GCVE-0-2023-6248)
Vulnerability from cvelistv5 – Published: 2023-11-21 21:49 – Updated: 2024-10-17 18:01
| URL | Tags |
|---|---|
| https://www.digitalcomtech.com/product/syrus-4g-i… | product |
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Communications Technologies | Syrus4 IoT Telematics Gateway | Affected: apex-23.43.2 | |
| digitalcomtech | syrus_4g_iot_telematics_gateway_firmware | Affected: apex-23.43.2 | cpe:2.3:o:digitalcomtech:syrus_4g_iot_telematics_gateway_firmware:apex-23.43.2:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.digitalcomtech.com/product/syrus-4g-iot-telematics-gateway/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:digitalcomtech:syrus_4g_iot_telematics_gateway_firmware:apex-23.43.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "syrus_4g_iot_telematics_gateway_firmware",
"vendor": "digitalcomtech",
"versions": [
{
"status": "affected",
"version": "apex-23.43.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:36:17.604517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T18:01:16.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Cloud Management System",
"Telematics Gateway"
],
"platforms": [
"ARM",
"Linux"
],
"product": "Syrus4 IoT Telematics Gateway",
"vendor": "Digital Communications Technologies",
"versions": [
{
"status": "affected",
"version": "apex-23.43.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yashin Mehaboobe"
}
],
"datePublic": "2023-11-24T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eGet location data of the vehicle the device is connected to\u003c/li\u003e\u003cli\u003eSend CAN bus messages via the ECU module (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://syrus.digitalcomtech.com/docs/ecu-1\"\u003ehttps://syrus.digitalcomtech.com/docs/ecu-1\u003c/a\u003e)\u003cbr\u003e\u003c/li\u003e\u003cli\u003eImmobilize the vehicle via the safe-immobilizer module (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization\"\u003ehttps://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization\u003c/a\u003e)\u003cbr\u003e\u003c/li\u003e\u003cli\u003eGet live video through the connected video camera\u003cbr\u003e\u003c/li\u003e\u003cli\u003eSend audio messages to the driver (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://syrus.digitalcomtech.com/docs/system-tools#apx-tts\"\u003ehttps://syrus.digitalcomtech.com/docs/system-tools#apx-tts\u003c/a\u003e)\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations:\n\n * Get location data of the vehicle the device is connected to\n * Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 )\n\n * Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization )\n\n * Get live video through the connected video camera\n\n * Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts )\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-175",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-175 Code Inclusion"
}
]
},
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T21:49:35.831Z",
"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"shortName": "ASRG"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.digitalcomtech.com/product/syrus-4g-iot-telematics-gateway/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-15T23:15:00.000Z",
"value": "Initial email to vendor"
},
{
"lang": "en",
"time": "2023-04-25T23:37:00.000Z",
"value": "Follow up email due to no response from vendor"
},
{
"lang": "en",
"time": "2023-04-26T20:58:00.000Z",
"value": "Response from vendor to use support channel"
},
{
"lang": "en",
"time": "2023-04-26T22:00:00.000Z",
"value": "Details provided to the vendor via support channel"
},
{
"lang": "en",
"time": "2023-05-31T22:00:00.000Z",
"value": "No response from vendor. Request for confirmation"
},
{
"lang": "en",
"time": "2023-08-22T22:00:00.000Z",
"value": "Support ticket discarded"
},
{
"lang": "en",
"time": "2023-10-28T22:00:00.000Z",
"value": "Additional request for confirmation. No response from vendor."
}
],
"title": "Data leakage and arbitrary remote code execution in Syrus cloud devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"assignerShortName": "ASRG",
"cveId": "CVE-2023-6248",
"datePublished": "2023-11-21T21:49:35.831Z",
"dateReserved": "2023-11-21T21:48:18.990Z",
"dateUpdated": "2024-10-17T18:01:16.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6329 (GCVE-0-2023-6329)
Vulnerability from cvelistv5 – Published: 2023-11-27 16:34 – Updated: 2024-08-02 08:28 – CWE-287 - Improper Authentication
| Vendor | Product | Version | |
|---|---|---|---|
| Control iD | iDSecure | Affected: 4.7.32.0 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tenable.com/security/research/tra-2023-36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDSecure",
"vendor": "Control iD",
"versions": [
{
"status": "affected",
"version": "4.7.32.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a \"passwordCustom\" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user."
}
],
"value": "An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a \"passwordCustom\" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T15:47:13.770Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://tenable.com/security/research/tra-2023-36"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Control iD iDSecure passwordCustom Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2023-6329",
"datePublished": "2023-11-27T16:34:50.656Z",
"dateReserved": "2023-11-27T16:18:25.451Z",
"dateUpdated": "2024-08-02T08:28:21.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6342 (GCVE-0-2023-6342)
Vulnerability from cvelistv5 – Published: 2023-11-30 17:41 – Updated: 2024-10-15 17:41 – CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.tylertech.com/solutions/courts-public… | product |
| https://github.com/qwell/disorder-in-the-court/bl… | |
| https://techcrunch.com/2023/11/30/us-court-record… | media-coverage |
| https://www.cisa.gov/news-events/alerts/2023/11/3… | third-party-advisory, government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Tyler Technologies | Court Case Management Plus | Affected: 0, < ~2023-11-01 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"third-party-advisory",
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:28:36.673869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:41:05.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Court Case Management Plus",
"vendor": "Tyler Technologies",
"versions": [
{
"lessThan": "~2023-11-01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the \u0027CmWebSearchPfp/Login.aspx?xyzldk=\u0027 and \u003cbr\u003e\u0027payforprint_CM/Redirector.ashx?userid=\u0027 parameters. The vulnerable \"pay for print\" feature was removed on or around 2023-11-01."
}
],
"value": "Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the \u0027CmWebSearchPfp/Login.aspx?xyzldk=\u0027 and \n\u0027payforprint_CM/Redirector.ashx?userid=\u0027 parameters. The vulnerable \"pay for print\" feature was removed on or around 2023-11-01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:51:30.039Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"third-party-advisory",
"government-resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tyler Technologies Court Case Management Plus \"pay for print\" allows authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-6342",
"datePublished": "2023-11-30T17:41:13.229Z",
"dateReserved": "2023-11-27T22:29:22.709Z",
"dateUpdated": "2024-10-15T17:41:05.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6343 (GCVE-0-2023-6343)
Vulnerability from cvelistv5 – Published: 2023-11-30 17:47 – Updated: 2025-08-25 19:55 – CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.tylertech.com/solutions/courts-public… | product |
| https://www.aquaforest.com/blog/tiff-server-secur… | vendor-advisory |
| https://www.aquaforest.com/blog/aquaforest-tiff-s… | product |
| https://github.com/qwell/disorder-in-the-court/bl… | |
| https://techcrunch.com/2023/11/30/us-court-record… | media-coverage |
| https://www.cisa.gov/news-events/alerts/2023/11/3… | third-party-advisory, government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Tyler Technologies | Court Case Management Plus |
Affected:
0 , < ~2023-11-01
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.aquaforest.com/blog/tiff-server-security-update"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"third-party-advisory",
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T19:55:24.069038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:55:29.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Court Case Management Plus",
"vendor": "Tyler Technologies",
"versions": [
{
"lessThan": "~2023-11-01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003e\u003cdiv\u003eTyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx \u0027FN\u0027 and \u0027PN\u0027 parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx \u0027FN\u0027 and \u0027PN\u0027 parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:51:58.422Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.aquaforest.com/blog/tiff-server-security-update"
},
{
"tags": [
"product"
],
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"third-party-advisory",
"government-resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allows authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-6343",
"datePublished": "2023-11-30T17:47:54.613Z",
"dateReserved": "2023-11-27T22:29:25.861Z",
"dateUpdated": "2025-08-25T19:55:29.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6344 (GCVE-0-2023-6344)
Vulnerability from cvelistv5 – Published: 2023-11-30 17:48 – Updated: 2025-06-03 02:30 – CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.tylertech.com/solutions/courts-public… | product |
| https://www.aquaforest.com/blog/tiff-server-secur… | vendor-advisory |
| https://www.aquaforest.com/blog/aquaforest-tiff-s… | product |
| https://github.com/qwell/disorder-in-the-court/bl… | |
| https://techcrunch.com/2023/11/30/us-court-record… | media-coverage |
| https://www.cisa.gov/news-events/alerts/2023/11/3… | third-party-advisory, government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Tyler Technologies | Court Case Management Plus |
Affected:
0 , < ~2023-11-01
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.aquaforest.com/blog/tiff-server-security-update"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"third-party-advisory",
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T02:29:35.498165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T02:30:17.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Court Case Management Plus",
"vendor": "Tyler Technologies",
"versions": [
{
"lessThan": "~2023-11-01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx \u0027ifolder\u0027 parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\u003cbr\u003e"
}
],
"value": "Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx \u0027ifolder\u0027 parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:52:33.781Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.aquaforest.com/blog/tiff-server-security-update"
},
{
"tags": [
"product"
],
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"third-party-advisory",
"government-resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-6344",
"datePublished": "2023-11-30T17:48:42.195Z",
"dateReserved": "2023-11-28T00:16:54.397Z",
"dateUpdated": "2025-06-03T02:30:17.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6353 (GCVE-0-2023-6353)
Vulnerability from cvelistv5 – Published: 2023-11-30 17:51 – Updated: 2025-08-25 19:55 – CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.tylertech.com/solutions/courts-public… | product |
| https://github.com/qwell/disorder-in-the-court/bl… | |
| https://techcrunch.com/2023/11/30/us-court-record… | media-coverage |
| https://www.cisa.gov/news-events/alerts/2023/11/3… | third-party-advisory, government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Tyler Technologies | Civil and Criminal Electronic Filing |
Affected:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"third-party-advisory",
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T19:55:05.941477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:55:12.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Civil and Criminal Electronic Filing",
"vendor": "Tyler Technologies",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2023-11-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eTyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx \u0027enky\u0027 parameter.\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx \u0027enky\u0027 parameter.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:53:39.215Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"third-party-advisory",
"government-resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-6353",
"datePublished": "2023-11-30T17:51:10.531Z",
"dateReserved": "2023-11-28T02:57:05.114Z",
"dateUpdated": "2025-08-25T19:55:12.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6354 (GCVE-0-2023-6354)
Vulnerability from cvelistv5 – Published: 2023-11-30 17:53 – Updated: 2024-08-02 08:28 – CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://www.tylertech.com/solutions/courts-public… | product |
| https://github.com/qwell/disorder-in-the-court/bl… | |
| https://techcrunch.com/2023/11/30/us-court-record… | media-coverage |
| https://www.cisa.gov/news-events/alerts/2023/11/3… | government-resource, third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Tyler Technologies | Magistrate Court Case Management Plus |
Affected:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"government-resource",
"third-party-advisory",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Magistrate Court Case Management Plus",
"vendor": "Tyler Technologies",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2023-11-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eTyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx \u0027filename\u0027 parameter.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:54:04.031Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.tylertech.com/solutions/courts-public-safety/courts-justice"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"media-coverage"
],
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/"
},
{
"tags": [
"government-resource",
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-6354",
"datePublished": "2023-11-30T17:53:26.147Z",
"dateReserved": "2023-11-28T02:57:10.860Z",
"dateUpdated": "2024-08-02T08:28:21.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
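The five Tyler Technologies records above all name the same kind of thing: an endpoint reachable without authentication plus the query parameter that carries the attacker-controlled identity or file reference (`xyzldk`, `userid`, `FN`/`PN`, `ifolder`, `enky`, `filename`). That makes them easy to hunt for in web-server access logs. The following Python is an added example, not code from Tyler Technologies, CISA or the researcher's repository: it scans W3C-style log lines for requests to those endpoints carrying those parameters. The sample log is constructed for the example, and its field order (`date time c-ip cs-method cs-uri-stem cs-uri-query sc-status`) is an assumed layout; adjust `parse_line` to the `#Fields:` header your server actually writes.

```python
from urllib.parse import parse_qs

# Endpoints and query parameters named in the CVE records above. Matching is
# case-insensitive because IIS serves .aspx/.ashx paths without regard to case.
WATCHLIST = {
    "cmwebsearchpfp/login.aspx": {"xyzldk"},        # CVE-2023-6342
    "payforprint_cm/redirector.ashx": {"userid"},   # CVE-2023-6342
    "tiffserver/tssp.aspx": {"fn", "pn"},           # CVE-2023-6343
    "tiffserver/te003.aspx": {"ifolder"},           # CVE-2023-6344
    "tiffserver/te004.aspx": {"ifolder"},           # CVE-2023-6344
    "upload.aspx": {"enky"},                        # CVE-2023-6353
    "pdfviewer.aspx": {"filename"},                 # CVE-2023-6354
}

# Constructed sample log (not real traffic). Assumed W3C-style field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2023-11-15 10:01:02 203.0.113.7 GET /CmWebSearchPfp/Login.aspx xyzldk=1234 200
2023-11-15 10:01:05 203.0.113.7 GET /payforprint_CM/Redirector.ashx userid=1001 302
2023-11-15 10:02:10 198.51.100.9 GET /tiffserver/tssp.aspx FN=..%2F..%2Fweb.config&PN=1 200
2023-11-15 10:02:11 198.51.100.9 GET /tiffserver/te003.aspx ifolder=%5C%5Cfiles%5Cshare 200
2023-11-15 10:03:00 192.0.2.4 GET /Default.aspx - 200
2023-11-15 10:03:30 192.0.2.4 GET /tiffserver/tssp.aspx - 200
"""


def parse_line(line):
    """Split one log line into a dict; None for comment lines and short lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 7:
        return None
    date, time, client, method, stem, query, status = parts[:7]
    return {
        "ts": f"{date} {time}",
        "client": client,
        "method": method,
        "stem": stem,
        "query": "" if query == "-" else query,  # IIS writes '-' for an empty query
        "status": status,
    }


def match_watchlist(stem, query):
    """Return (endpoint, sorted watched params present) or None.

    The path must end in '/<endpoint>' so that e.g. 'myupload.aspx' does not match."""
    stem_l = stem.lower()
    present = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    for endpoint, params in WATCHLIST.items():
        if stem_l == "/" + endpoint or stem_l.endswith("/" + endpoint):
            hits = sorted(present & params)
            return (endpoint, hits) if hits else None
    return None


def scan(log_text):
    """One finding per request that hits a watched endpoint with a watched parameter."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hit = match_watchlist(rec["stem"], rec["query"])
        if hit is None:
            continue
        endpoint, params = hit
        findings.append({**rec, "endpoint": endpoint, "params": params})
    return findings


def clients_touching_multiple_endpoints(findings, minimum=2):
    """Clients that hit at least `minimum` distinct watched endpoints: typical of probing."""
    seen = {}
    for f in findings:
        seen.setdefault(f["client"], set()).add(f["endpoint"])
    return {c: sorted(e) for c, e in seen.items() if len(e) >= minimum}


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f["ts"], f["client"], f["endpoint"], ",".join(f["params"]), f["status"])
    print(clients_touching_multiple_endpoints(results))
```

A hit is not proof of exploitation: before the features were removed (around 2023-11-01 according to the records), legitimate users passed these parameters too, so treat the output as a triage list and look at the parameter values (traversal sequences, UNC paths, user ids that do not belong to the requesting session). Requests to these paths after the features were removed are reconnaissance by definition and are worth alerting on outright.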
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
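The pattern shared by the records on this page is that a value the client chooses (a user id, a file name, a folder) is taken as proof of who is asking; CVE-2023-6342's `userid=` parameter is the clearest case. Whether or not a framework is used, the fix is the same: identity must come from something the server issued and can verify, and any identifier in the request is a target to authorize, never a credential. The following Python is an added example, not code from any product on this page or from OWASP ESAPI; the users, passwords and salt are constructed, and the handler names are hypothetical. It puts the vulnerable derivation of identity beside a session-based one.

```python
import hashlib
import hmac
import secrets

# Constructed example data, not accounts from any real system.
USERS = {1001: "alice", 1002: "bob"}
_SALT = b"example-salt-not-for-production"
_ITERATIONS = 50_000
PASSWORD_HASHES = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, _ITERATIONS),
    "bob": hashlib.pbkdf2_hmac("sha256", b"hunter2", _SALT, _ITERATIONS),
}


def vulnerable_whoami(query):
    """CWE-287 in the shape of a 'userid=' parameter: the request asserts its own
    identity and the server believes it, so any caller can become any user."""
    try:
        return USERS.get(int(query.get("userid", "0")))
    except ValueError:
        return None


class SessionStore:
    """Server-side sessions. The client holds only an unguessable random token;
    the user id it maps to never leaves the server."""

    def __init__(self):
        self._by_token = {}

    def login(self, username, password):
        """Return a session token on success, None on failure."""
        expected = PASSWORD_HASHES.get(username)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
        # Hash even for unknown usernames and compare in constant time, so the
        # response time does not reveal which accounts exist.
        if expected is None or not hmac.compare_digest(expected, candidate):
            return None
        token = secrets.token_urlsafe(32)
        self._by_token[token] = next(u for u, n in USERS.items() if n == username)
        return token

    def whoami(self, cookies):
        """Identity comes from the session lookup, never from request parameters."""
        return USERS.get(self._by_token.get(cookies.get("session", "")))


def hardened_redirect(store, cookies, query):
    """Hypothetical replacement for a redirector that took 'userid' as identity.
    Returns (HTTP status, acting user). 'userid' is checked against the session,
    not trusted."""
    actor = store.whoami(cookies)
    if actor is None:
        return 401, None                      # not authenticated at all
    target = query.get("userid")
    if target is None:
        return 200, actor
    try:
        target_user = USERS.get(int(target))
    except ValueError:
        return 400, actor
    if target_user != actor:
        return 403, actor                     # authenticated, but not as that user
    return 200, actor


if __name__ == "__main__":
    print("vulnerable:", vulnerable_whoami({"userid": "1002"}))   # anyone becomes bob
    store = SessionStore()
    token = store.login("alice", "correct horse")
    print("hardened, own id:", hardened_redirect(store, {"session": token}, {"userid": "1001"}))
    print("hardened, other id:", hardened_redirect(store, {"session": token}, {"userid": "1002"}))
    print("hardened, no session:", hardened_redirect(store, {}, {"userid": "1002"}))
```

The same split applies to the file-handling endpoints in CVE-2023-6343, -6344, -6353 and -6354: a `filename` or `ifolder` value is a request, and the decision whether the authenticated session may read, upload or delete that object has to be made server-side against the session's identity, after the name has been resolved to a canonical path inside the allowed directory.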
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principal or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unauthorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability to execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.