CVE-2023-45685
published 2023-10-16

Priority: P349 | critical | 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.41% (69.2th percentile)

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| south_river_technologies | titan_mft | <= 2.0.17.2298 | |
| south_river_technologies | titan_sftp | <= 2.0.17.2298 | |
| southrivertech | titan_mft_server | < 2.0.18 | 2.0.18 |
| southrivertech | titan_sftp_server | < 2.0.18 | 2.0.18 |

CVSS provenance

nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vendor_oracle | 7.5 | HIGH