CVE-2023-45689 Arbitrary file read via path traversal in Titan MFT and Titan SFTP servers

2023-10-1616:19:08

CWE-22

rapid7

www.cve.org

cve-2023-45689

path traversal

south river technologies

titan mft

titan sftp

windows

linux

administrative privileges

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.1%

JSON

Lack of sufficient path validation in South River Technologies’ Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Windows"
    ],
    "product": "Titan MFT",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "Windows"
    ],
    "product": "Titan SFTP",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]