Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.
References
Link | Resource |
---|---|
http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/ | Exploit Technical Description Third Party Advisory |
http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/ | Exploit Technical Description Third Party Advisory |
Configurations
History
21 Nov 2024, 02:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/ - Exploit, Technical Description, Third Party Advisory |
Information
Published : 2018-01-25 23:29
Updated : 2024-11-21 02:44
NVD link : CVE-2016-10710
Mitre link : CVE-2016-10710
CVE.ORG link : CVE-2016-10710
JSON object : View
Products Affected
biscom
- secure_file_transfer
CWE
CWE-20
Improper Input Validation