N/A

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.

N/A

不充分的凭证保护机制

Tyler Odyssey 信任管理问题漏洞

Tyler Technologies Tyler Odyssey是美国Tyler Technologies公司的一个法院和司法软件系统。 Tyler Odyssey 存在安全漏洞，该漏洞源于将未加密字节从中间人传递给客户端 中间攻击者可以向客户端的前几个查询注入错误响应，即使使用了 SSL 证书验证和加密。

N/A

N/A