Lucene search

[email protected]CVE-2020-27646

HistoryOct 22, 2020 - 2:15 p.m.

CVE-2020-27646

2020-10-2214:15:13

[email protected]

web.nvd.nist.gov

cve-2020-27646

biscom secure file transfer

sft

credential theft

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

JSON

Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.

Affected configurations

NVD

Node

biscomsecure_file_transferRange5.0.0–5.1.1082

biscomsecure_file_transferRange6.0.0–6.0.1011

CPENameOperatorVersion
biscom:secure_file_transferbiscom secure file transferlt5.1.1082
biscom:secure_file_transferbiscom secure file transferlt6.0.1011

CPE	Name	Operator	Version
biscom:secure_file_transfer	biscom secure file transfer	lt	5.1.1082
biscom:secure_file_transfer	biscom secure file transfer	lt	6.0.1011

References

cve.biscom.com/bis-sft-cv-0011/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for CVE-2020-27646

cvelist1 nvd1 prion1