Vulnerability Details CVE-2023-45685
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.0%
CVSS Severity
CVSS v3 Score 9.1
References
- https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
- https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/
- https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
- https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/
Products affected by CVE-2023-45685
-
cpe:2.3:a:southrivertech:titan_mft_server:*
-
cpe:2.3:a:southrivertech:titan_sftp_server:*