CVE-2023-45686 Arbitrary file write via WebDAV path traversal in Titan MFT and Titan SFTP servers

2023-10-1616:10:10

CWE-22

rapid7

www.cve.org

titan mft

titan sftp

path validation

authenticated attacker

webdav

path traversal

linux

filesystem

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.2%

JSON

Insufficient path validation when writing a file via WebDAV in South River Technologies’ Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Titan MFT",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Titan SFTP",
    "vendor": "South River Technologies",
    "versions": [
      {
        "lessThanOrEqual": "2.0.17.2298",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]