Lucene search

[email protected]NVD:CVE-2023-45690

HistoryOct 16, 2023 - 5:15 p.m.

CVE-2023-45690

2023-10-1617:15:10

CWE-276

[email protected]

web.nvd.nist.gov

file permissions

unauthorized access

sensitive files

linux

south river technologies

titan mft

titan sftp

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Default file permissions on South River Technologies’ Titan MFT and Titan SFTP servers on Linux allows a user that’s authentication to the OS to read sensitive files on the filesystem

Affected configurations

NVD

Node

southrivertechtitan_ftp_serverRange≤2.0.16.2277

Node

southrivertechtitan_mft_serverRange<2.0.18linux

References

helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690

www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for NVD:CVE-2023-45690

prion1 cve1 cvelist1 thn1 rapid7blog1