PT-2018-4881 · Biscom · Biscom Secure File Transfer
Publicado
2018-01-25
·
Atualizado
2018-02-13
·
CVE-2016-10710
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Biscom Secure File Transfer (SFT) versions 5.0.1000 through 5.0.1048
Description
The issue allows remote authenticated users to overwrite or read files via crafted requests due to the lack of validation of the
dataFieldId value. This is possible because the software uses sequential numbers.Recommendations
For versions 5.0.1000 through 5.0.1048, update to version 5.0.1050 to resolve the issue.
Exploit
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Biscom Secure File Transfer