CVE-2020-8503 - OpenCVE

Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Biscom	Secure File Transfer

Configuration 1 [-]

OR	cpe:2.3:a:biscom:secure_file_transfer::::::::
	cpe:2.3:a:biscom:secure_file_transfer::::::::

References

Link	Resource
https://cve.biscom.com/bis-sft-cv-0008	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-31T19:57:55

Updated: 2020-01-31T19:57:55

Reserved: 2020-01-31T00:00:00

Link: CVE-2020-8503

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-31T20:15:11.243

Modified: 2020-02-05T16:32:56.740

Link: CVE-2020-8503

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:biscom:secure_file_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "07E022ED-DE65-4972-B624-CC0ADC55B219", "versionEndIncluding": "5.1.1067", "versionStartIncluding": "5.0.1050", "vulnerable": true}, {"criteria": "cpe:2.3:a:biscom:secure_file_transfer:*:*:*:*:*:*:*:*", "matchCriteriaId": "C637C8E4-2963-4D36-914F-9F929959D12B", "versionEndIncluding": "6.0.1003", "versionStartIncluding": "6.0.1000", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004."}, {"lang": "es", "value": "Biscom Secure File Transfer (SFT) versiones 5.0.1050 hasta 5.1.1067 y 6.0.1000 hasta 6.0.1003, permite una Referencia Directa a Objetos No Segura (IDOR) por parte de un remitente autenticado debido a un error en una funcionalidad de carga de archivos. Esto se corrigi\u00f3 en las versiones 5.1.1068 y 6.0.1004."}], "id": "CVE-2020-8503", "lastModified": "2020-02-05T16:32:56.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-31T20:15:11.243", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://cve.biscom.com/bis-sft-cv-0008"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}