Globalscape Terms — Patched
Deploying the patch is only half the battle. To maximize the security gains from this "terms patched" release, implement the following:
July 2024
Software Affected: Globalscape EFT (Enterprise File Transfer)
Vulnerability Type: Stored Cross-Site Scripting (XSS)
Severity: High (CVSS 8.0+ depending on configuration)
The security flaw—tracked as —was a pre-authentication remote code execution (RCE) vulnerability within the Terms of Service (TOS) module. This module, which allows administrators to present a legal disclaimer before users log in, was found to be susceptible to a Java deserialization attack.
Key Details of the Patch
The vulnerabilities in question were primarily discovered and reported by security researchers at Assetnote and other independent analysts. They focused on the EFT administrative web interface, specifically components handling user authentication and file handling.
Unpatched Globalscape terms are not just a technical risk—they are a compliance nightmare.
Follow this checklist to confirm the patch status:
: A significant vulnerability that could allow an attacker to overwrite arbitrary files on the server during compression or decompression processes. This was mitigated in recent security updates to the EFT Event Rules.