CVE-2023-45690
Published 2023-10-16
Priority: P4 · 27 · medium · CVSS 3.1: 4.9
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.48% (70.7th percentile)
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allow a user who is authenticated to the OS to read sensitive files on the filesystem.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| south_river_technologies | titan_mft | <= 2.0.17.2298 | — |
| south_river_technologies | titan_sftp | <= 2.0.17.2298 | — |
| southrivertech | titan_ftp_server | <= 2.0.16.2277 | — |
| southrivertech | titan_mft_server | < 2.0.18 | 2.0.18 |
CVSS provenance
nvd · v3.1 · 4.9 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
vendor_oracle · 7.5 · HIGH
GHSA
GHSA-mfjh-chmq-4prp
ghsa_unreviewed · 2023-10-16
CVE-2023-45690 [MEDIUM] CWE-276 GHSA-mfjh-chmq-4prp
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allow a user who is authenticated to the OS to read sensitive files on the filesystem.
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Security Framework (JSON-java) — CVE-2022-45690
vendor_oracle·2023-10-15·CVSS 7.5
CVE-2022-45690 [HIGH] Oracle Oracle Fusion Middleware Risk Matrix: Security Framework (JSON-java) — CVE-2022-45690
Oracle Oracle Fusion Middleware Risk Matrix: Security Framework (JSON-java) vulnerability
CVE: CVE-2022-45690
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2023 (OCT 2023)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/
Published: 2023-10-16