Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation.
References
Link | Resource |
---|---|
https://catalisgov.com/courts-land-records-support/ | Product |
https://github.com/qwell/disorder-in-the-court/blob/main/README-Catalis.md | Third Party Advisory |
https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/ | Third Party Advisory |
https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisa-cg
Published: 2023-11-30T17:41:22.671Z
Updated: 2023-11-30T20:50:27.195Z
Reserved: 2023-11-27T22:29:14.492Z
Link: CVE-2023-6341
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-30T18:15:08.180
Modified: 2023-12-08T15:22:34.380
Link: CVE-2023-6341
JSON object: View
Redhat Information
No data.
CWE