Vulnerabilites related to southrivertech - titan_mft_server
Vulnerability from fkie_nvd
Published
2023-10-16 17:15
Modified
2024-11-21 08:27
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_mft_server | * | |
| southrivertech | titan_mft_server | * | |
| southrivertech | titan_sftp_server | * | |
| southrivertech | titan_sftp_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7",
"versionEndExcluding": "2.0.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2740E6FA-C5D8-465F-95A7-54F75421FD95",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5",
"versionEndExcluding": "2.0.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E6520883-8DE6-4682-8937-1E49573112EA",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient path validation when extracting a zip archive in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal"
},
{
"lang": "es",
"value": "La validaci\u00f3n de ruta insuficiente al extraer un archivo zip en los servidores Titan MFT y Titan SFTP de South River Technologies en Windows y Linux permite a un atacante autenticado escribir un archivo en cualquier ubicaci\u00f3n del sistema de archivos a trav\u00e9s de un path traversal"
}
],
"id": "CVE-2023-45685",
"lastModified": "2024-11-21T08:27:13.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-10-16T17:15:09.963",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 17:15
Modified
2024-11-21 08:27
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_mft_server | * | |
| southrivertech | titan_mft_server | * | |
| southrivertech | titan_sftp_server | * | |
| southrivertech | titan_sftp_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7",
"versionEndExcluding": "2.0.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2740E6FA-C5D8-465F-95A7-54F75421FD95",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5",
"versionEndExcluding": "2.0.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E6520883-8DE6-4682-8937-1E49573112EA",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server\u0027s authentication if they can trick an administrator into authorizating a session id of their choosing"
},
{
"lang": "es",
"value": "Una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux y Windows permite a un atacante eludir la autenticaci\u00f3n del servidor si puede enga\u00f1ar a un administrador para que autorice una identificaci\u00f3n de sesi\u00f3n de su elecci\u00f3n."
}
],
"id": "CVE-2023-45687",
"lastModified": "2024-11-21T08:27:13.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-10-16T17:15:10.107",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 17:15
Modified
2024-11-21 08:27
Severity ?
Summary
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_mft_server | * | |
| southrivertech | titan_mft_server | * | |
| southrivertech | titan_sftp_server | * | |
| southrivertech | titan_sftp_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7",
"versionEndExcluding": "2.0.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2740E6FA-C5D8-465F-95A7-54F75421FD95",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5",
"versionEndExcluding": "2.0.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E6520883-8DE6-4682-8937-1E49573112EA",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of sufficient path validation in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal"
},
{
"lang": "es",
"value": "La falta de suficiente validaci\u00f3n de ruta en los servidores Titan MFT y Titan SFTP de South River Technologies en Windows y Linux permite a un atacante autenticado con privilegios administrativos leer cualquier archivo en el sistema de archivos a trav\u00e9s de path traversal"
}
],
"id": "CVE-2023-45689",
"lastModified": "2024-11-21T08:27:13.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T17:15:10.243",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 17:15
Modified
2024-11-21 08:27
Severity ?
Summary
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_mft_server | * | |
| southrivertech | titan_sftp_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of sufficient path validation in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp \"SIZE\" command"
},
{
"lang": "es",
"value": "La falta de suficiente validaci\u00f3n de ruta en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permite a un atacante autenticado obtener el tama\u00f1o de un archivo arbitrario en el sistema de archivos utilizando path traversal en el comando ftp \"SIZE\""
}
],
"id": "CVE-2023-45688",
"lastModified": "2024-11-21T08:27:13.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T17:15:10.183",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 17:15
Modified
2024-11-21 08:27
Severity ?
Summary
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| southrivertech | titan_ftp_server | * | |
| southrivertech | titan_mft_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6789AE7E-5499-4F33-954F-B051EF52C213",
"versionEndIncluding": "2.0.16.2277",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7",
"versionEndExcluding": "2.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Default file permissions on South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux allows a user that\u0027s authentication to the OS to read sensitive files on the filesystem"
},
{
"lang": "es",
"value": "Los permisos de archivos predeterminados en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permiten que un usuario que se autentica en el sistema operativo lea archivos confidenciales en el sistema de archivos."
}
],
"id": "CVE-2023-45690",
"lastModified": "2024-11-21T08:27:13.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-16T17:15:10.310",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-45685 (GCVE-0-2023-45685)
Vulnerability from cvelistv5
Published
2023-10-16 16:08
Modified
2024-09-16 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | South River Technologies | Titan MFT |
Version: 0 ≤ 2.0.17.2298 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:south_river_technologies:titan_mft:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "titan_mft",
"vendor": "south_river_technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:south_river_technologies:titan_sftp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "titan_sftp",
"vendor": "south_river_technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:42:01.582346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:48:25.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Windows"
],
"product": "Titan MFT",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Windows"
],
"product": "Titan SFTP",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient path validation when extracting a zip archive in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal"
}
],
"value": "Insufficient path validation when extracting a zip archive in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T16:08:25.668Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary file write via \"zip slip\" in Titan MFT and Titan SFTP servers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-45685",
"datePublished": "2023-10-16T16:08:25.668Z",
"dateReserved": "2023-10-10T19:07:28.770Z",
"dateUpdated": "2024-09-16T14:48:25.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45689 (GCVE-0-2023-45689)
Vulnerability from cvelistv5
Published
2023-10-16 16:19
Modified
2024-09-16 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | South River Technologies | Titan MFT |
Version: 0 ≤ 2.0.17.2298 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45689",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T18:04:05.617300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:05:30.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Windows"
],
"product": "Titan MFT",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Windows"
],
"product": "Titan SFTP",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of sufficient path validation in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal"
}
],
"value": "Lack of sufficient path validation in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T16:19:08.287Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary file read via path traversal in Titan MFT and Titan SFTP servers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-45689",
"datePublished": "2023-10-16T16:19:08.287Z",
"dateReserved": "2023-10-10T19:07:28.771Z",
"dateUpdated": "2024-09-16T18:05:30.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45688 (GCVE-0-2023-45688)
Vulnerability from cvelistv5
Published
2023-10-16 16:14
Modified
2024-09-16 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | South River Technologies | Titan MFT |
Version: 0 ≤ 2.0.17.2298 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:31.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T18:06:47.469638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:06:59.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Titan MFT",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Titan SFTP",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of sufficient path validation in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp \"SIZE\" command"
}
],
"value": "Lack of sufficient path validation in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp \"SIZE\" command"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T16:15:00.585Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information leak via path traversal in Titan MFT and Titan SFTP servers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-45688",
"datePublished": "2023-10-16T16:14:41.841Z",
"dateReserved": "2023-10-10T19:07:28.771Z",
"dateUpdated": "2024-09-16T18:06:59.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45687 (GCVE-0-2023-45687)
Vulnerability from cvelistv5
Published
2023-10-16 16:12
Modified
2024-09-16 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-384 - Session Fixation
Summary
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | South River Technologies | Titan MFT |
Version: 0 ≤ 2.0.17.2298 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:31.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*"
],
"defaultStatus": "unknown",
"product": "titan_mft_server",
"vendor": "southrivertech",
"versions": [
{
"lessThan": "2.0.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "titan_mft_server",
"vendor": "southrivertech",
"versions": [
{
"lessThan": "2.0.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*"
],
"defaultStatus": "unknown",
"product": "titan_sftp_server",
"vendor": "southrivertech",
"versions": [
{
"lessThan": "2.0.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "titan_sftp_server",
"vendor": "southrivertech",
"versions": [
{
"lessThan": "2.0.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:39:28.123875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:41:29.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Windows"
],
"product": "Titan MFT",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"Windows"
],
"product": "Titan SFTP",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A session fixation vulnerability in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server\u0027s authentication if they can trick an administrator into authorizating a session id of their choosing"
}
],
"value": "A session fixation vulnerability in South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server\u0027s authentication if they can trick an administrator into authorizating a session id of their choosing"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T16:12:31.582Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication bypass via session fixation in Titan MFT and Titan SFTP servers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-45687",
"datePublished": "2023-10-16T16:12:31.582Z",
"dateReserved": "2023-10-10T19:07:28.771Z",
"dateUpdated": "2024-09-16T17:41:29.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45690 (GCVE-0-2023-45690)
Vulnerability from cvelistv5
Published
2023-10-16 16:20
Modified
2024-09-16 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | South River Technologies | Titan MFT |
Version: 0 ≤ 2.0.17.2298 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:41:48.328097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:41:56.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Titan MFT",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Titan SFTP",
"vendor": "South River Technologies",
"versions": [
{
"lessThanOrEqual": "2.0.17.2298",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Default file permissions on South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux allows a user that\u0027s authentication to the OS to read sensitive files on the filesystem"
}
],
"value": "Default file permissions on South River Technologies\u0027 Titan MFT and Titan SFTP servers on Linux allows a user that\u0027s authentication to the OS to read sensitive files on the filesystem"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T16:20:52.656Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/"
},
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information leak via default file permissions on Titan MFT and Titan SFTP servers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-45690",
"datePublished": "2023-10-16T16:20:52.656Z",
"dateReserved": "2023-10-10T19:07:28.771Z",
"dateUpdated": "2024-09-16T17:41:56.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}