Approved changes feed: RSS · Atom

cpe:2.3:a:biscom:secure_file_transfer:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorBiscom (78e3e48f-e347-513c-aaf1-a719a739aaf4)
ProductSecure File Transfer (512e7a50-f05b-511b-9aa0-2354693a48c5)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-8796 vulnerable 2026-06-08 05:27:19.693231 Details available
Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.
Published: 2020-02-07T19:57:43.000Z
Updated: 2024-08-04T10:12:10.684Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-8503 vulnerable 2026-06-08 05:27:16.655898 Details available
Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.
Published: 2020-01-31T19:57:55.000Z
Updated: 2024-08-04T10:03:46.155Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-27646 vulnerable 2026-06-08 05:23:52.900512 Details available
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.
Published: 2020-10-22T13:27:29.000Z
Updated: 2024-08-04T16:18:45.327Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-5247 vulnerable 2026-06-08 05:09:39.394235 Details available
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name. All versions of SFT prior to 5.1.1028 are affected. The fix version is 5.1.1028.
Published: 2017-07-18T18:00:00.000Z
Updated: 2024-08-05T14:55:35.883Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-5246 vulnerable 2026-06-08 05:09:39.392410 Details available
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.
Published: 2017-07-18T18:00:00.000Z
Updated: 2024-08-05T14:55:35.789Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-5241 vulnerable 2026-06-08 05:09:39.386924 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-10710 vulnerable 2026-06-08 05:07:25.614815 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.