PT-2018-4881 · Biscom · Biscom Secure File Transfer

Published: 2018-01-25 · Updated: 2018-02-13 · CVE-2016-10710

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Biscom Secure File Transfer (SFT) versions 5.0.1000 through 5.0.1048

Description

The issue allows remote authenticated users to overwrite or read files via crafted requests due to the lack of validation of the dataFieldId value. This is possible because the software uses sequential numbers.

Recommendations

For versions 5.0.1000 through 5.0.1048, update to version 5.0.1050 to resolve the issue.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2016-10710

Affected Products

Biscom Secure File Transfer