fkie_nvd - fkie_cve-2023-53893

fkie_cve-2023-53893

Vulnerability from fkie_nvd

Published

2025-12-15 21:15

Modified

2025-12-18 21:36

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations.

References

URL	Tags
disclosure@vulncheck.com	https://www.ateme.com/product-titan-software/	Product
disclosure@vulncheck.com	https://www.exploit-db.com/exploits/51582	Exploit, Third Party Advisory
disclosure@vulncheck.com	https://www.vulncheck.com/advisories/ateme-titan-file-authenticated-server-side-request-forgery-vulnerability	Third Party Advisory
disclosure@vulncheck.com	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php	Third Party Advisory

Impacted products

Vendor	Product	Version
ateme	titan_file	3.9.8.0
ateme	titan_file	3.9.9.2
ateme	titan_file	3.9.11.0
ateme	titan_file	3.9.12.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ateme:titan_file:3.9.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4B3875-7745-42FE-925A-7D866410CB1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ateme:titan_file:3.9.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2DF94E7-D06E-424E-8804-935CA80EE9C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ateme:titan_file:3.9.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93FCDBD7-B26D-4FB8-90B3-3CE462B0CD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ateme:titan_file:3.9.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12949D5-B928-4C32-8B06-BE4AD5633BFE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations."
    }
  ],
  "id": "CVE-2023-53893",
  "lastModified": "2025-12-18T21:36:17.203",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-15T21:15:52.683",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.ateme.com/product-titan-software/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.exploit-db.com/exploits/51582"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vulncheck.com/advisories/ateme-titan-file-authenticated-server-side-request-forgery-vulnerability"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}

CVE-2023-53893 (GCVE-0-2023-53893)

Vulnerability from cvelistv5

Published

2025-12-15 20:28

Modified

2025-12-15 21:46

Severity ?

5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)