Biscom Secure File Transfer

7 matches found

CVE
added 2020/01/31 7:57 p.m. | 124 views

CVE-2020-8503

The CVE-2020-8503 issue affects Biscom Secure File Transfer (SFT) versions 5.0.1050–5.1.1067 and 6.0.1000–6.0.1003. A vulnerability in the file-upload feature allows Insecure Direct Object Reference (IDOR) by an authenticated sender due to an error in how uploads are handled. The impact is descri...

CVSS 6.5 | AI score 6.2 | EPSS 0.00731

CVE
added 2020/02/07 7:57 p.m. | 120 views

CVE-2020-8796

Biscom Secure File Transfer (SFT) is affected by CVE-2020-8796. The vulnerability allows remote code execution on the server in versions prior to 5.1.1071 and 6.0.1xxx prior to 6.0.1005. Connected sources confirm the impact as remote code execution on the server, with the affected products stated...

CVSS 9.8 | AI score 9.6 | EPSS 0.02928

CVE
added 2017/07/18 6:0 p.m. | 46 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can supply a valid AngularJS expression ({{ … }}) which will be evaluated by other authenticated users viewing the attacker’s display name. Affected versions are 5.0.0000 t...

CVSS 4.3 | AI score 4.5 | EPSS 0.00599

CVE
added 2017/07/18 6:0 p.m. | 44 views

CVE-2017-5247

Biscom Secure File Transfer (SFT) is affected by a cross-site scripting (XSS) vulnerability in the File Name field. An authenticated user with permissions to upload or send files can supply a filename containing HTML/script tags, which can be executed by other authenticated users viewing the file...

CVSS 5.4 | AI score 5.2 | EPSS 0.00503

CVE
added 2017/06/28 1:0 p.m. | 43 views

CVE-2017-5241

Biscom Secure File Transfer (SFT) versions 5.0.0.0–5.1.1024 are vulnerable to post-auth persistent XSS in the Name/Description fields of a Workspace and the Description field of a File Details pane for files in a Workspace. The issue is fixed in version 5.1.1025. Exploitation requires an authenti...

CVSS 5.4 | AI score 5.1 | EPSS 0.00879

CVE
added 2020/10/22 1:27 p.m. | 43 views

CVE-2020-27646

Biscom Secure File Transfer (SFT) platforms are affected in versions prior to 5.1.1082 and 6.x prior to 6.0.1011, where a vulnerability enables user credential theft. The CVSS data indicates network exposure with a high confidentiality impact (C:H) but no integrity or availability impact, and use...

CVSS 6.5 | AI score 6.5 | EPSS 0.01004

CVE
added 2018/01/25 11:0 p.m. | 38 views

CVE-2016-10710

Biscom Secure File Transfer (SFT) versions 5.0.1000–5.0.1048 fail to validate the dataFieldId and use sequential numbers, enabling remote authenticated users to overwrite or read files via crafted requests. The issue is fixed in version 5.0.1050. Affected platforms are Biscom SFT; exact root caus...

CVSS 8.1 | AI score 7.6 | EPSS 0.01134