ByteOS Network

NVD Vulnerability Details :

CVE-2017-5246

Deferred

Source-cve@rapid7.com

Published At-18 Jul, 2017 | 18:29

Updated At-20 Apr, 2025 | 01:37

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N

CPE Matches

biscom>>secure_file_transfer>>-

cpe:2.3:a:biscom:secure_file_transfer:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-74	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://cve.biscom.com/bis-sft-cv-0004/	cve@rapid7.com	N/A
https://twitter.com/i_bo0om/status/885050741567750145	cve@rapid7.com	Third Party Advisory
https://cve.biscom.com/bis-sft-cv-0004/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://twitter.com/i_bo0om/status/885050741567750145	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History