CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44685
https://notcve.org/view.php?id=CVE-2024-44685
13 Sep 2024 — Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI. • https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-cve-2024-44685 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-45690 – Information leak via default file permissions on Titan MFT and Titan SFTP servers
https://notcve.org/view.php?id=CVE-2023-45690
16 Oct 2023 — Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem Los permisos de archivos predeterminados en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permiten que un usuario que se autentica en el sistema operativo lea archivos confidenciales en el sistema de archivos. • https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 • CWE-276: Incorrect Default Permissions •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 1CVE-2023-45689 – Arbitrary file read via path traversal in Titan MFT and Titan SFTP servers
https://notcve.org/view.php?id=CVE-2023-45689
16 Oct 2023 — Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal La falta de suficiente validación de ruta en los servidores Titan MFT y Titan SFTP de South River Technologies en Windows y Linux permite a un atacante autenticado con privilegios administrativos leer cualquier archivo en el sistema de archivos a través de path traversal • https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-45688 – Information leak via path traversal in Titan MFT and Titan SFTP servers
https://notcve.org/view.php?id=CVE-2023-45688
16 Oct 2023 — Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command La falta de suficiente validación de ruta en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permite a un atacante autenticado obtener el tamaño de un archivo arbitrario en el sistema de archivos utilizando path traversal en el comando ftp "SIZ... • https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-45687 – Authentication bypass via session fixation in Titan MFT and Titan SFTP servers
https://notcve.org/view.php?id=CVE-2023-45687
16 Oct 2023 — A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing Una vulnerabilidad de fijación de sesión en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux y Windows permite a un atacante eludir la autenticación del servidor si puede engañar a un administrador para que autorice una identifi... • https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 • CWE-384: Session Fixation •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45686 – Arbitrary file write via WebDAV path traversal in Titan MFT and Titan SFTP servers
https://notcve.org/view.php?id=CVE-2023-45686
16 Oct 2023 — Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal La validación de ruta insuficiente al escribir un archivo a través de WebDAV en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permite a un atacante autenticado escribir un archivo en cualquier ubicación del sistema de archivos a través de un path tra... • https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1CVE-2023-45685 – Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers
https://notcve.org/view.php?id=CVE-2023-45685
16 Oct 2023 — Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal La validación de ruta insuficiente al extraer un archivo zip en los servidores Titan MFT y Titan SFTP de South River Technologies en Windows y Linux permite a un atacante autenticado escribir un archivo en cualquier ubicación del sistema de archivos a través de un pat... • https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1CVE-2022-44215
https://notcve.org/view.php?id=CVE-2022-44215
22 Aug 2023 — There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. Hay una vulnerabilidad de redirección abierta en las versiones 19.0 e inferiores del servidor Titan FTP. Los usuarios son redirigidos a cualquier URL de destino. • https://github.com/JBalanza/CVE-2022-44215 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27744
https://notcve.org/view.php?id=CVE-2023-27744
02 Jun 2023 — An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. • https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27745
https://notcve.org/view.php?id=CVE-2023-27745
02 Jun 2023 — An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server. • https://www.southrivertech.com/software/nextgen/titanftp/en/relnotes.pdf • CWE-346: Origin Validation Error •