Lucene search

[email protected]NVD:CVE-2023-45689

HistoryOct 16, 2023 - 5:15 p.m.

CVE-2023-45689

2023-10-1617:15:10

CWE-22

[email protected]

web.nvd.nist.gov

path validation

titan mft

titan sftp

windows

linux

filesystem

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

Lack of sufficient path validation in South River Technologies’ Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal

Affected configurations

NVD

Node

southrivertechtitan_mft_serverRange<2.0.18linux

southrivertechtitan_mft_serverRange<2.0.18windows

Node

southrivertechtitan_sftp_serverRange<2.0.18linux

southrivertechtitan_sftp_serverRange<2.0.18windows

References

helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690

www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

Related for NVD:CVE-2023-45689

prion1 cve1 cvelist1 rapid7blog1 thn1