8.8
CVE-2023-45687
- EPSS 1.18%
- Veröffentlicht 16.10.2023 17:15:10
- Zuletzt bearbeitet 21.11.2024 08:27:13
- Quelle cve@rapid7.com
- CVE-Watchlists
- Unerledigt
LoginAuthentication bypass via session fixation in Titan MFT and Titan SFTP servers
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Southrivertech ≫ Titan Mft Server SwPlatformlinux Version < 2.0.18
Southrivertech ≫ Titan Mft Server SwPlatformwindows Version < 2.0.18
Southrivertech ≫ Titan Sftp Server SwPlatformlinux Version < 2.0.18
Southrivertech ≫ Titan Sftp Server SwPlatformwindows Version < 2.0.18
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.18% | 0.635 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-384 Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/