CVE-2023-45687

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
southrivertechtitan_mft_server
𝑥
< 2.0.18
southrivertechtitan_mft_server
𝑥
< 2.0.18
southrivertechtitan_sftp_server
𝑥
< 2.0.18
southrivertechtitan_sftp_server
𝑥
< 2.0.18
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
southrivertechtitan_mft_server
𝑥
< 2.0.18
ADP
southrivertechtitan_mft_server
𝑥
< 2.0.18
ADP
southrivertechtitan_sftp_server
𝑥
< 2.0.18
ADP
southrivertechtitan_sftp_server
𝑥
< 2.0.18
ADP
Common Weakness Enumeration
References
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/