// For flags

CVE-2023-45688

Information leak via path traversal in Titan MFT and Titan SFTP servers

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command

La falta de suficiente validaciĆ³n de ruta en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permite a un atacante autenticado obtener el tamaƱo de un archivo arbitrario en el sistema de archivos utilizando path traversal en el comando ftp "SIZE"

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-10-10 CVE Reserved
  • 2023-10-16 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • 2024-10-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Southrivertech
Search vendor "Southrivertech"
Titan Mft Server
Search vendor "Southrivertech" for product "Titan Mft Server"
< 2.0.18
Search vendor "Southrivertech" for product "Titan Mft Server" and version " < 2.0.18"
linux
Affected
Southrivertech
Search vendor "Southrivertech"
Titan Sftp Server
Search vendor "Southrivertech" for product "Titan Sftp Server"
< 2.0.18
Search vendor "Southrivertech" for product "Titan Sftp Server" and version " < 2.0.18"
linux
Affected