Biscom Secure File Transfer — known CVE vulnerabilities
Every CVE whose affected-product data names Biscom Secure File Transfer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2020-8796 — CVSS 9.8 (critical): Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.
CVE-2016-10710 — CVSS 8.1 (high): Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which…
CVE-2020-27646 — CVSS 6.5 (medium): Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.
CVE-2020-8503 — CVSS 6.5 (medium): Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by…
CVE-2017-5247 — CVSS 5.4 (medium): Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload…
CVE-2017-5241 — CVSS 5.4 (medium): Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in…
CVE-2017-5246 — CVSS 4.3 (medium): Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate…