Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
24 Oct 2023, 16:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ - Exploit, Third Party Advisory | |
References | (MISC) https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 - Vendor Advisory | |
CPE | cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:* cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:* cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:* cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:* |
|
First Time |
Southrivertech titan Mft Server
Southrivertech titan Sftp Server Southrivertech |
|
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
16 Oct 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 17:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-45689
Mitre link : CVE-2023-45689
CVE.ORG link : CVE-2023-45689
JSON object : View
Products Affected
southrivertech
- titan_sftp_server
- titan_mft_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')