Vulnerability Details CVE-2016-10710
Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.6%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.5
References
Products affected by CVE-2016-10710
-
cpe:2.3:a:biscom:secure_file_transfer:5.0.1000
-
cpe:2.3:a:biscom:secure_file_transfer:5.0.1048