Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by Aquaforest
CVE-2023-6352 (GCVE-0-2023-6352)
Vulnerability from nvd – Published: 2023-11-30 18:01 – Updated: 2024-08-02 08:28
VLAI
Title
Aquaforest TIFF Server default configuration allows access to arbitrary files
Summary
The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.
Severity
5.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.aquaforest.com/blog/tiff-server-secur… | vendor-advisory |
| https://www.aquaforest.com/blog/aquaforest-tiff-s… | product |
| https://www.aquaforest.com/wp-content/uploads/pdf… | product |
| https://github.com/qwell/disorder-in-the-court/bl… | |
| https://www.cisa.gov/news-events/alerts/2023/11/3… | government-resourcethird-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Aquaforest | TIFF Server |
Affected:
0 , ≤ 4.2.210913
(custom)
|
Date Public
2023-11-30 17:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.aquaforest.com/blog/tiff-server-security-update"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"government-resource",
"third-party-advisory",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "TIFF Server",
"vendor": "Aquaforest",
"versions": [
{
"lessThanOrEqual": "4.2.210913",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:53:10.977Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.aquaforest.com/blog/tiff-server-security-update"
},
{
"tags": [
"product"
],
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"
},
{
"tags": [
"product"
],
"url": "https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"government-resource",
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Aquaforest TIFF Server default configuration allows access to arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-6352",
"datePublished": "2023-11-30T18:01:09.116Z",
"dateReserved": "2023-11-28T02:56:54.701Z",
"dateUpdated": "2024-08-02T08:28:21.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9325 (GCVE-0-2020-9325)
Vulnerability from nvd – Published: 2020-03-18 13:13 – Updated: 2024-08-04 10:26
VLAI
Summary
Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.criticalstart.com/resources/ | x_refsource_MISC |
| https://www.aquaforest.com/en/release_history.asp | x_refsource_MISC |
| https://www.criticalstart.com/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T13:13:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.criticalstart.com/resources/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/resources/"
},
{
"name": "https://www.aquaforest.com/en/release_history.asp",
"refsource": "MISC",
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9325",
"datePublished": "2020-03-18T13:13:56.000Z",
"dateReserved": "2020-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9324 (GCVE-0-2020-9324)
Vulnerability from nvd – Published: 2020-03-18 13:13 – Updated: 2024-08-04 10:26
VLAI
Summary
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.criticalstart.com/resources/ | x_refsource_MISC |
| https://www.aquaforest.com/en/release_history.asp | x_refsource_MISC |
| https://www.criticalstart.com/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T13:13:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.criticalstart.com/resources/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/resources/"
},
{
"name": "https://www.aquaforest.com/en/release_history.asp",
"refsource": "MISC",
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9324",
"datePublished": "2020-03-18T13:13:15.000Z",
"dateReserved": "2020-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9323 (GCVE-0-2020-9323)
Vulnerability from nvd – Published: 2020-03-18 13:11 – Updated: 2024-08-04 10:26
VLAI
Summary
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.criticalstart.com/resources/ | x_refsource_MISC |
| https://www.aquaforest.com/en/release_history.asp | x_refsource_MISC |
| https://www.criticalstart.com/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T13:11:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.criticalstart.com/resources/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/resources/"
},
{
"name": "https://www.aquaforest.com/en/release_history.asp",
"refsource": "MISC",
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9323",
"datePublished": "2020-03-18T13:11:55.000Z",
"dateReserved": "2020-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6352 (GCVE-0-2023-6352)
Vulnerability from cvelistv5 – Published: 2023-11-30 18:01 – Updated: 2024-08-02 08:28
VLAI
Title
Aquaforest TIFF Server default configuration allows access to arbitrary files
Summary
The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.
Severity
5.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.aquaforest.com/blog/tiff-server-secur… | vendor-advisory |
| https://www.aquaforest.com/blog/aquaforest-tiff-s… | product |
| https://www.aquaforest.com/wp-content/uploads/pdf… | product |
| https://github.com/qwell/disorder-in-the-court/bl… | |
| https://www.cisa.gov/news-events/alerts/2023/11/3… | government-resourcethird-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Aquaforest | TIFF Server |
Affected:
0 , ≤ 4.2.210913
(custom)
|
Date Public
2023-11-30 17:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.aquaforest.com/blog/tiff-server-security-update"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"government-resource",
"third-party-advisory",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "TIFF Server",
"vendor": "Aquaforest",
"versions": [
{
"lessThanOrEqual": "4.2.210913",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-30T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T20:53:10.977Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.aquaforest.com/blog/tiff-server-security-update"
},
{
"tags": [
"product"
],
"url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"
},
{
"tags": [
"product"
],
"url": "https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf"
},
{
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"
},
{
"tags": [
"government-resource",
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Aquaforest TIFF Server default configuration allows access to arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2023-6352",
"datePublished": "2023-11-30T18:01:09.116Z",
"dateReserved": "2023-11-28T02:56:54.701Z",
"dateUpdated": "2024-08-02T08:28:21.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9325 (GCVE-0-2020-9325)
Vulnerability from cvelistv5 – Published: 2020-03-18 13:13 – Updated: 2024-08-04 10:26
VLAI
Summary
Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.criticalstart.com/resources/ | x_refsource_MISC |
| https://www.aquaforest.com/en/release_history.asp | x_refsource_MISC |
| https://www.criticalstart.com/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T13:13:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.criticalstart.com/resources/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/resources/"
},
{
"name": "https://www.aquaforest.com/en/release_history.asp",
"refsource": "MISC",
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9325",
"datePublished": "2020-03-18T13:13:56.000Z",
"dateReserved": "2020-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9324 (GCVE-0-2020-9324)
Vulnerability from cvelistv5 – Published: 2020-03-18 13:13 – Updated: 2024-08-04 10:26
VLAI
Summary
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.criticalstart.com/resources/ | x_refsource_MISC |
| https://www.aquaforest.com/en/release_history.asp | x_refsource_MISC |
| https://www.criticalstart.com/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T13:13:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.criticalstart.com/resources/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/resources/"
},
{
"name": "https://www.aquaforest.com/en/release_history.asp",
"refsource": "MISC",
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9324",
"datePublished": "2020-03-18T13:13:15.000Z",
"dateReserved": "2020-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9323 (GCVE-0-2020-9323)
Vulnerability from cvelistv5 – Published: 2020-03-18 13:11 – Updated: 2024-08-04 10:26
VLAI
Summary
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.criticalstart.com/resources/ | x_refsource_MISC |
| https://www.aquaforest.com/en/release_history.asp | x_refsource_MISC |
| https://www.criticalstart.com/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T13:11:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/resources/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.criticalstart.com/resources/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/resources/"
},
{
"name": "https://www.aquaforest.com/en/release_history.asp",
"refsource": "MISC",
"url": "https://www.aquaforest.com/en/release_history.asp"
},
{
"name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/",
"refsource": "MISC",
"url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9323",
"datePublished": "2020-03-18T13:11:55.000Z",
"dateReserved": "2020-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:26:16.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}