Vulnerabilities > CVE-2020-8503 - Authorization Bypass Through User-Controlled Key vulnerability in Biscom Secure File Transfer

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

biscom

CWE-639

NVD

Published: 2020-01-31

Updated: 2020-02-05

Summary

Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.

Vulnerable Configurations

Part	Description	Count
Application	Biscom Biscom Secure File Transfer 5.0.1050 Biscom Secure File Transfer 5.1.1067 Biscom Secure File Transfer 6.0.1000 Biscom Secure File Transfer 6.0.1003	4

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://cve.biscom.com/bis-sft-cv-0008