CVE-2016-10710

HIGH

Biscom Secure File Transfer 5.0.1000-5.0.1048 - Authenticated Arbitrary File Read and Write via dataFieldId Parameter

Title source: llm
STIX 2.1

Description

Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.

References (1)

Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/

Scores

CVSS v3 8.1
EPSS 0.0111
EPSS Percentile 62.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
biscom/secure_file_transfer 5.0.1000 - 5.0.1048
Published Jan 25, 2018
Tracked Since Feb 18, 2026