Secure File Transfer
Approved changes feed: RSS · Atom
cpe:2.3:a:biscom:secure_file_transfer:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Biscom (78e3e48f-e347-513c-aaf1-a719a739aaf4) |
|---|---|
| Product | Secure File Transfer (512e7a50-f05b-511b-9aa0-2354693a48c5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-8796 |
vulnerable | 2026-06-08 05:27:19.693231 |
Details available
Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.
Published: 2020-02-07T19:57:43.000Z
Updated: 2024-08-04T10:12:10.684Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-8503 |
vulnerable | 2026-06-08 05:27:16.655898 |
Details available
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.
Published: 2020-01-31T19:57:55.000Z
Updated: 2024-08-04T10:03:46.155Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-27646 |
vulnerable | 2026-06-08 05:23:52.900512 |
Details available
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.
Published: 2020-10-22T13:27:29.000Z
Updated: 2024-08-04T16:18:45.327Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-5247 |
vulnerable | 2026-06-08 05:09:39.394235 |
Details available
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name. All versions of SFT prior to 5.1.1028 are affected. The fix version is 5.1.1028.
Published: 2017-07-18T18:00:00.000Z
Updated: 2024-08-05T14:55:35.883Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-5246 |
vulnerable | 2026-06-08 05:09:39.392410 |
Details available
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.
Published: 2017-07-18T18:00:00.000Z
Updated: 2024-08-05T14:55:35.789Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-5241 |
vulnerable | 2026-06-08 05:09:39.386924 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-10710 |
vulnerable | 2026-06-08 05:07:25.614815 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.