vulnerability

Titan MFT: CVE-2023-45689: Information disclosure via path traversal in admin interface

Severity
5
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
Oct 16, 2023
Added
Oct 16, 2023
Modified
Oct 16, 2023

Description


Using the `MxUtilFileAction` model, an administrator can retrieve and delete files from anywhere on the file system by using `../` sequences in their path. Note that administrators have full access to the host's file system using other techniques, so this is a very minor issue.

Solution

titan-mft-october-updates
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.