CVE-2023-45687

HIGH

South River Technologies - Privilege Escalation

Title source: llm

Description

A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing

References (2)

[Vendor Advisory] https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690

[Exploit, Third Party Advisory] https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

Scores

CVSS v3 8.8

EPSS 0.0013

EPSS Percentile 32.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-384

Status published

Products (2)

southrivertech/titan_mft_server < 2.0.18 (2 CPE variants)

southrivertech/titan_sftp_server < 2.0.18 (2 CPE variants)

Published Oct 16, 2023

Tracked Since Feb 18, 2026