MEDIUM✓ PATCH🇬🇧 English

CVE-2023-45688

CVSS 4.3v3.1pub. 2023-10-16upd. 2024-11-21

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Southrivertech Titan Mft Server

    APP
    Southrivertech
    < 2.0.18
  • Southrivertech Titan Sftp Server

    APP
    Southrivertech
    < 2.0.18
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2023-45685CRITICAL9.1ten sam produkt

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SF...

CVE-2023-45687HIGH8.8ten sam produkt

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Wi...

CVE-2023-45689MEDIUM6.5ten sam produkt

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows an...

CVE-2023-45690MEDIUM4.9ten sam produkt

Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user ...

CVE-2022-34005CRITICAL9.8ten sam vendor

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution du...