Description
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://cve.biscom.com/bis-sft-cv-0008
Scores
CVSS v3
6.5
EPSS
0.0027
EPSS Percentile
50.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-639
Status
published
Products (1)
biscom/secure_file_transfer
5.0.1050 - 5.1.1067
Published
Jan 31, 2020
Tracked Since
Feb 18, 2026