CVE-2022-26665

Published: Apr 18, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records.

Affected (1)

Products: Tylertech: Odyssey Portal

Tylertech

1 product

Odyssey Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tylertech Odyssey Portal	Before 17.1.20

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (10)

https://news.ycombinator.com/item?id=30502117

Source: cve@mitre.org

Third Party Advisory

https://www.calbar.ca.gov/About-Us/News/Data-Breach-Updates

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryUS Government Resource

https://www.judyrecords.com/info

Source: cve@mitre.org

Third Party Advisory

https://www.judyrecords.com/what-happened-with-tyler-technologies

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://www.tylertech.com/dataharvest

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://news.ycombinator.com/item?id=30502117