CVE-2023-45689

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal

Published: Oct 16, 2023
Updated: Oct 25, 2023
CVE: CVE-2023-45689
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
southrivertech / titan_mft_server	-	2.0.18
southrivertech / titan_sftp_server	-	2.0.18

https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

Vulnerability Database

290,301

CVE-2023-45689