CVE-2016-10710

Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.
References
Link Resource
http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/ Exploit Technical Description Third Party Advisory
http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/ Exploit Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:biscom:secure_file_transfer:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:44

Type Values Removed Values Added
References () http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/ - Exploit, Technical Description, Third Party Advisory () http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/ - Exploit, Technical Description, Third Party Advisory

Information

Published : 2018-01-25 23:29

Updated : 2024-11-21 02:44


NVD link : CVE-2016-10710

Mitre link : CVE-2016-10710

CVE.ORG link : CVE-2016-10710


JSON object : View

Products Affected

biscom

  • secure_file_transfer
CWE
CWE-20

Improper Input Validation