A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
24 Oct 2023, 15:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-384 | |
First Time |
Southrivertech titan Mft Server
Southrivertech titan Sftp Server Southrivertech |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:* cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:* cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:* cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:* |
|
References | (MISC) https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ - Exploit, Third Party Advisory | |
References | (MISC) https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 - Vendor Advisory |
16 Oct 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 17:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-45687
Mitre link : CVE-2023-45687
CVE.ORG link : CVE-2023-45687
JSON object : View
Products Affected
southrivertech
- titan_sftp_server
- titan_mft_server
CWE
CWE-384
Session Fixation