CVE-2016-10710

EUVD-2016-1709
Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
biscomsecure_file_transfer
5.0.1000 ≤
𝑥
≤ 5.0.1048
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/
http://threat.tevora.com/biscom-secure-file-transfer-arbitrary-file-download/