CVE-2023-45688 Information leak via path traversal in Titan MFT and Titan SFTP servers

2023-10-1616:14:41

CWE-22

rapid7

www.cve.org

cve-2023-45688

information leak

path traversal

titan mft

titan sftp

south river technologies

linux

authenticated attacker

filesystem

ftp

5.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Lack of sufficient path validation in South River Technologies’ Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp “SIZE” command

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Titan MFT",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Titan SFTP",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]