CVE-2023-45687

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing

Published: Oct 16, 2023
Updated: Oct 25, 2023
CVE: CVE-2023-45687
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-384

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
southrivertech / titan_mft_server	-	2.0.18
southrivertech / titan_sftp_server	-	2.0.18

https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

Vulnerability Database

290,301

CVE-2023-45687