CVE-2023-45689

Summary

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal

Affected Software

VendorProductVersion RangeStatus
South River TechnologiesTitan MFT0 <= 2.0.17.2298affected
South River TechnologiesTitan SFTP0 <= 2.0.17.2298affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References