MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2023-45688

CVSS 4.3v3.1pub. 2023-10-16upd. 2024-11-21

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Southrivertech Titan Mft Server

    APP
    Southrivertech
    < 2.0.18
  • Southrivertech Titan Sftp Server

    APP
    Southrivertech
    < 2.0.18
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2023-45685CRITICAL9.1ten sam produkt

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SF...

CVE-2023-45687HIGH8.8ten sam produkt

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Wi...

CVE-2023-45689MEDIUM6.5ten sam produkt

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows an...

CVE-2023-45690MEDIUM4.9ten sam produkt

Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user ...

CVE-2022-34005CRITICAL9.8ten sam vendor

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution du...