CVE-2023-45690

MEDIUM

Titan FTP Server and Titan MFT Server < 2.0.16.2277 - Sensitive File Exposure via Default File Permissions

Title source: llm

Description

Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem

References (2)

Core 2

Core References

Vendor Advisory

https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690

Exploit, Third Party Advisory

https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/

Scores

CVSS v3 4.9

EPSS 0.0148

EPSS Percentile 70.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-276

Status published

Products (2)

southrivertech/titan_ftp_server < 2.0.16.2277

southrivertech/titan_mft_server < 2.0.18

Published Oct 16, 2023

Tracked Since Feb 18, 2026