HIGH✓ PATCH🇬🇧 English

CVE-2023-45687

CVSS 8.8v3.1pub. 2023-10-16upd. 2024-11-21

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Southrivertech Titan Mft Server

    APP
    Southrivertech
    < 2.0.18
  • Southrivertech Titan Sftp Server

    APP
    Southrivertech
    < 2.0.18
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2023-45685CRITICAL9.1ten sam produkt

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SF...

CVE-2023-45688MEDIUM4.3ten sam produkt

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allo...

CVE-2023-45689MEDIUM6.5ten sam produkt

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows an...

CVE-2023-45690MEDIUM4.9ten sam produkt

Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user ...

CVE-2022-34005CRITICAL9.8ten sam vendor

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution du...