Major Hole Plugged in Secure File Transfer Tool

  • 27 June 2017
  • 0 replies
  • 117 views

Userlevel 7
Badge +54
June 27, 2017 By Michael Mimoso
 
                                    


 
Biscom, a secure document delivery provider, recently patched a serious vulnerability in its secure file transfer product that could have allowed an authenticated hacker access to data shared between other users.
 
Privately alerted in April by Rapid7 (a Biscom customer), the company released an updated version of its product on May 3.
 The issue, a stored cross-site scripting vulnerability, was found in the Name and Description field of the Workspaces component of the secure file transfer product. Researcher Orlando Barrera found the problem in late March. In a disclosure published today, Barrera described how an attacker would need to be authenticated to the product and have the ability to create a Workspace in order to exploit the vulnerability.
 
Full Article.

0 replies

Be the first to reply!

Reply