Rapid7 uncovered multiple vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers as part of our ongoing research into managed file transfer risk, which includes JSCAPE MFT and Fortra Globalscape EFT Server. Although these vulnerabilities require exceptional circumstances or non-standard configurations, as well as a legitimate user login, exploitation can result in remote superuser access to the affected server.
Titan MFT and Titan SFTP are enterprise-class Managed File Transfer (MFT) servers that support high-availability failover and clustering. The two products are very similar and share a similar code base; the exception is that Titan MFT has some additional functionality, such as WebDAV. These issues have been confirmed to affect Titan MFT and Titan SFTP versions 220.127.116.117 and 18.104.22.1688 (previous versions are also affected, according to the vendor).