History: Jan 25, 2018 - 11:29 p.m.

CVE-2016-10710

2018-01-25 23:29:00
CWE-20
mitre
web.nvd.nist.gov
Tags: biscom secure file transfer, sft, cve-2016-10710, datafieldid, remote authentication, file overwrite, file read, vulnerability

CVSS2: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.6
Confidence: High

EPSS: 0.002
Percentile: 55.7%

Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.

Affected configurations

Nvd

Node
Vendor: biscom
Product: secure_file_transfer
Range: 5.0.1000 - 5.0.1048

Vendor: biscom
Product: secure_file_transfer
Version: *
CPE: cpe:2.3:a:biscom:secure_file_transfer:*:*:*:*:*:*:*:*
