HIGH✓ PATCH🇬🇧 English

CVE-2023-45686

CVSS 7.2v3.1pub. 2023-10-16upd. 2024-11-21

Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Southrivertech Titan Mfp Server

    APP
    Southrivertech
    < 2.0.18
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2023-45685CRITICAL9.1ten sam vendor

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SF...

CVE-2022-34005CRITICAL9.8ten sam vendor

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution du...

CVE-2023-45687HIGH8.8ten sam vendor

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Wi...

CVE-2023-27744HIGH7.8ten sam vendor

An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privile...

CVE-2023-27745HIGH8.8ten sam vendor

An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to...