CVE-2023-45685
Published 2023-10-16
Priority: P3 49 · critical · 9.1 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:C / C:H / I:H / A:H
EPSS: 1.41% (69.2th percentile)
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| south_river_technologies | titan_mft | <= 2.0.17.2298 | — |
| south_river_technologies | titan_sftp | <= 2.0.17.2298 | — |
| southrivertech | titan_mft_server | < 2.0.18 | 2.0.18 |
| southrivertech | titan_sftp_server | < 2.0.18 | 2.0.18 |
CVSS provenance
nvd · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vendor_oracle · 7.5 HIGH
GHSA
ghsa_unreviewed·2023-10-16
CVE-2023-45685 [CRITICAL] CWE-22 GHSA-7w42-6f8j-cx26: Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows a
Oracle
vendor_oracle·2023-04-15·CVSS 7.5
CVE-2022-45685 [HIGH] Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Jettison) — CVE-2022-45685
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Jettison) vulnerability
CVE: CVE-2022-45685
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/
2023-10-16
Published