Tylertech

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-55077 1Tylertech 1Erp Pro 9 Sep 23, 2025 Aug 7, 2025 5.3 MEDIUM· v4 7.4 HIGH· v3 N/A· v2 Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authentica...Show more Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01.Show less
CVE-2023-6375 1Tylertech 1Court Case Management Plus Nov 21, 2024 Nov 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.
CVE-2023-6354 1Tylertech 1Court Case Management Plus Nov 21, 2024 Nov 30, 2023 N/A· v4 9.4 CRITICAL· v3 N/A· v2 Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.
CVE-2023-6353 1Tylertech 1Court Case Management Plus Nov 21, 2024 Nov 30, 2023 N/A· v4 9.4 CRITICAL· v3 N/A· v2 Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.
CVE-2023-6344 1Tylertech 1Court Case Management Plus Nov 21, 2024 Nov 30, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a...Show more Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. Show less
CVE-2023-6343 1Tylertech 1Court Case Management Plus Nov 21, 2024 Nov 30, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use...Show more Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352. Show less
CVE-2023-6342 1Tylertech 1Court Case Management Plus Nov 21, 2024 Nov 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters...Show more Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.Show less
CVE-2022-26665 1Tylertech 1Odyssey Portal Nov 21, 2024 Apr 18, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records.
CVE-2019-16112 1Tylertech 1Eagle Nov 21, 2024 May 13, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.
CVE-2013-6285 1Tylertech 1Taxweb Apr 29, 2026 Oct 28, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability tha...Show more The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020.Show less
CVE-2013-6020 1Tylertech 1Taxweb Apr 29, 2026 Oct 28, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumer...Show more passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application.Show less
CVE-2013-6019 1Tylertech 1Taxweb Apr 29, 2026 Oct 28, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component.
CVE-2013-6018 1Tylertech 1Taxweb Apr 29, 2026 Oct 28, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password.