A security flaw has been found in Biscom Secure File Transfer server that can be exploited as part of a spear phishing attack to steal user credentials.
The severity of this issue is considered High.
The following versions are affected:
- All versions of SFT 5 through 5.1.1081
- All versions of SFT 6 through 6.0.1010
The fixed versions are:
- SFT 5.1.1082 and later
- SFT 6.0.1011 and later
It is recommended that all affected versions of SFT be upgraded immediately.
This document will be updated to include the specifics of the exploit 90 days after publication to ensure all customers of SFT have been notified and had a chance to upgrade.
The application has been updated to check for and prevent attempts to exploit this issue.