CVE-2016-10710
HIGHBiscom Secure File Transfer 5.0.1000-5.0.1048 - Authenticated Arbitrary File Read and Write via dataFieldId Parameter
Title source: llmDescription
Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.
References (1)
Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/
Scores
CVSS v3
8.1
EPSS
0.0111
EPSS Percentile
62.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
biscom/secure_file_transfer
5.0.1000 - 5.0.1048
Published
Jan 25, 2018
Tracked Since
Feb 18, 2026