Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command
References
Configurations
History
24 Oct 2023, 16:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:* cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CWE | CWE-22 | |
First Time |
Southrivertech titan Mft Server
Southrivertech titan Sftp Server Southrivertech |
|
References | (MISC) https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ - Exploit, Third Party Advisory | |
References | (MISC) https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 - Vendor Advisory |
16 Oct 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 17:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-45688
Mitre link : CVE-2023-45688
CVE.ORG link : CVE-2023-45688
JSON object : View
Products Affected
southrivertech
- titan_sftp_server
- titan_mft_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')