CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-45685

CVSS 9.1v3.1pub. 2023-10-16upd. 2024-11-21

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Southrivertech Titan Mft Server

    APP
    Southrivertech
    < 2.0.18
  • Southrivertech Titan Sftp Server

    APP
    Southrivertech
    < 2.0.18
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2023-45687HIGH8.8ten sam produkt

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Wi...

CVE-2023-45688MEDIUM4.3ten sam produkt

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allo...

CVE-2023-45689MEDIUM6.5ten sam produkt

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows an...

CVE-2023-45690MEDIUM4.9ten sam produkt

Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user ...

CVE-2022-34005CRITICAL9.8ten sam vendor

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution du...