Titan MFT: CVE-2023-45689: Information disclosure via path traversal in admin interface
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | Oct 16, 2023 | Oct 16, 2023 | Oct 16, 2023 |
Description
Using the `MxUtilFileAction` model, an administrator can retrieve and delete files from anywhere on the file system by using `../` sequences in their path. Note that administrators have full access to the host's file system using other techniques, so this is a very minor issue.
Solution
titan-mft-october-updates
References
- CVE-2023-45689
- https://attackerkb.com/topics/CVE-2023-45689
- URL-https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
- URL-https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/
