A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
24 Oct 2023, 15:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:* cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:* cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:* cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:* |
|
First Time |
Southrivertech
Southrivertech titan Mft Server Southrivertech titan Sftp Server |
|
CWE | CWE-384 | |
References | (MISC) https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690 - Vendor Advisory | |
References | (MISC) https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/ - Exploit, Third Party Advisory |
16 Oct 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 17:15
Updated : 2024-09-17 02:35
NVD link : CVE-2023-45687
Mitre link : CVE-2023-45687
CVE.ORG link : CVE-2023-45687
JSON object : View
Products Affected
southrivertech
- titan_mft_server
- titan_sftp_server
CWE
CWE-384
Session Fixation