Biscom: >> Secure File Transfer >> 5.0.1050 Security Vulnerabilities
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-10-22
Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.
CVSS Score
9.8
EPSS Score
0.024
Published
2020-02-07
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-01-31
Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025.
CVSS Score
5.4
EPSS Score
0.004
Published
2017-06-28