A security flaw has been found in Biscom Secure File Transfer server that can be exploited as part of a spear phishing attack to steal user credentials. 

The severity of this issue is considered High.  

The following versions are affected: 

  • All versions of SFT 5 through 5.1.1081 
  • All versions of SFT 6 through 6.0.1010 

The fixed versions are: 

  • SFT 5.1.1082 and later 
  • SFT 6.0.1011 and later 

It is recommended that all affected versions of SFT be upgraded immediately. 

Issue summary:  

This document will be updated to include the specifics of the exploit 90 days after publication to ensure all customers of SFT have been notified and had a chance to upgrade. 

Fix details: 

The application has been updated to check for and prevent attempts to exploit this issue.