Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.
CVSS Information
N/A
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
Tyler Odyssey 信任管理问题漏洞
Vulnerability Description
Tyler Technologies Tyler Odyssey是美国Tyler Technologies公司的一个法院和司法软件系统。 Tyler Odyssey 存在安全漏洞,该漏洞源于将未加密字节从中间人传递给客户端 中间攻击者可以向客户端的前几个查询注入错误响应,即使使用了 SSL 证书验证和加密。
CVSS Information
N/A
Vulnerability Type
N/A