CVE-2023-6344 MEDIUM

CVE-2023-6344: Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and te004.aspx allows authentication bypass

Vendor Tyler Technologies
Product Court Case Management Plus
Weakness CWE-287 · Improper authentication
Published November 30, 2023
Last update June 3, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.

Key dates

02Disclosure timeline

November 30, 2023 CVE published
June 3, 2025 Record updated