Recent versions of Globalscape EFT have introduced several critical security and operational fixes:
Attackers could exploit this flaw by sending maliciously crafted serialized data to the EFT server.
Organizations using the GlobalSCAPE DMZ Gateway saw a patch correcting how the gateway interprets "allowed source IP" terms. Previously, IPv6-mapped IPv4 addresses could bypass allowlisting.
GlobalScape released an emergency update that added strict input validation to the Web Admin endpoints. The patch blocked the use of relative file paths (such as ../../) in URLs, effectively neutralizing the traversal mechanism.

2. The CVE-2021-3711 and OpenSSL Dependency Patches
Turn off unused protocol listeners (like basic FTP) to reduce the attack surface.
Some vulnerabilities affecting Globalscape products originate in underlying components. For example, the “GHOST” vulnerability (affecting Linux GNU C Library versions prior to 2.18) does directly affect Globalscape products as long as the system on which our product is installed is patched against the vulnerability.
Because the application failed to properly sanitize these inputs, the malicious code would execute within the session of an Administrator viewing these settings. This highlighted a classic but critical failure in trust boundaries: assuming that configuration inputs provided by lower-privileged users were safe to render in high-privileged contexts.
In older instances of EFT Event Rules, file manipulation utilities faced exposure to a known "Zip Slip" directory traversal vulnerability. If left unpatched, malicious archive uploads could overwrite sensitive configuration files outside the intended target directory. Fortra delivered architectural validation patches to secure archive extraction directories.

CVE-2023-2989: Globalscape EFT Server Auth Bypass Flaw
Yes, in version 8.1.0.16
Directory traversal (or path traversal) is an exploit where an attacker manipulates file paths to access files and directories stored outside the intended web root folder.