CVE-2023-45687
Summary
| CVE | CVE-2023-45687 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-16 17:15:00 UTC |
| Updated | 2023-10-24 15:58:00 UTC |
| Description | A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing |
Risk And Classification
Problem Types: CWE-384
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Southrivertech | Titan Mft Server | All | All | All | All |
| Application | Southrivertech | Titan Mft Server | All | All | All | All |
| Application | Southrivertech | Titan Sftp Server | All | All | All | All |
| Application | Southrivertech | Titan Sftp Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Vulnerabilities: South River Technologies Titan MFT & Titan SFTP [FIXED] | Rapid7 Blog | MISC | www.rapid7.com | |
| POPUP | MISC | helpdesk.southrivertech.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.