CVE-2023-45689
Summary
| CVE | CVE-2023-45689 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-16 17:15:00 UTC |
| Updated | 2023-10-24 16:30:00 UTC |
| Description | Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Southrivertech | Titan Mft Server | All | All | All | All |
| Application | Southrivertech | Titan Mft Server | All | All | All | All |
| Application | Southrivertech | Titan Sftp Server | All | All | All | All |
| Application | Southrivertech | Titan Sftp Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Vulnerabilities: South River Technologies Titan MFT & Titan SFTP [FIXED] | Rapid7 Blog | MISC | www.rapid7.com | |
| POPUP | MISC | helpdesk.southrivertech.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.