CVE-2023-45685

🗓️ 16 Oct 2023 16:08:25Reported by rapid7Type

Insufficient path validation in Titan MFT/SFTP servers allows authenticated attackers to write files to any location via path traversal

Reporter	Title	Published	Views	Family All 39
Circl	CVE-2023-45685	16 Oct 202320:31	–	circl
CNNVD	South River Technologies TitanFTP NextGen Security Vulnerability	16 Oct 202300:00	–	cnnvd
CNNVD	South River Technologies Titan MFT and Titan SFTP Path Traversal Vulnerabilities	16 Oct 202300:00	–	cnnvd
CNNVD	South River Technologies Titan MFT and Titan SFTP Authorization Issues Vulnerability	16 Oct 202300:00	–	cnnvd
CNNVD	South River Technologies Titan MFT and Titan SFTP Path Traversal Vulnerabilities	16 Oct 202300:00	–	cnnvd
CNNVD	South River Technologies Titan MFT and Titan SFTP Path Traversal Vulnerabilities	16 Oct 202300:00	–	cnnvd
CNNVD	South River Technologies TitanFTP NextGen Path Traversal Vulnerability	16 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-45685 Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers	16 Oct 202316:08	–	cvelist
Cvelist	CVE-2023-45688 Information leak via path traversal in Titan MFT and Titan SFTP servers	16 Oct 202316:14	–	cvelist
Cvelist	CVE-2023-45689 Arbitrary file read via path traversal in Titan MFT and Titan SFTP servers	16 Oct 202316:19	–	cvelist

NVD

Node

southrivertech titan_mft_serverRange<2.0.18linux

southrivertech titan_mft_serverRange<2.0.18windows

Node

southrivertech titan_sftp_serverRange<2.0.18linux

southrivertech titan_sftp_serverRange<2.0.18windows

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Windows"
    ],
    "product": "Titan MFT",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Windows"
    ],
    "product": "Titan SFTP",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
rapid7	www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/
helpdesk	www.helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690

21 Nov 2024 08:27Current

8.3High risk

Vulners AI Score8.3

CVSS 3.19.1

EPSS0.00371

SSVC

CWE-22