Vulnerabilities > CVE-2020-8503 - Authorization Bypass Through User-Controlled Key vulnerability in Biscom Secure File Transfer

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

biscom

CWE-639

NVD

Published: 2020-01-31

Updated: 2020-02-05

Summary

Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.

Vulnerable Configurations

Part	Description	Count
Application	Biscom Biscom Secure File Transfer 6.0.1000 Biscom Secure File Transfer 6.0.1003 Biscom Secure File Transfer 5.0.1050 Biscom Secure File Transfer 5.1.1015 Biscom Secure File Transfer 5.1.1067	5

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://cve.biscom.com/bis-sft-cv-0008