CRITICAL🇬🇧 English

CVE-2022-34005

CVSS 9.8v3.1pub. 2022-06-19upd. 2024-11-21

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Southrivertech Titan Ftp Server Nextgen

    APP
    Southrivertech
    < 1.2.1050
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2023-27744HIGH7.8ten sam produkt

An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privile...

CVE-2023-27745HIGH8.8ten sam produkt

An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to...

CVE-2022-34006HIGH7.8ten sam produkt

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Ex...

CVE-2023-45685CRITICAL9.1ten sam vendor

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SF...

CVE-2023-45686HIGH7.2ten sam vendor

Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan S...