CVE-2024-1190 Disclosure Date: February 2, 2024 Product: Global Scape CuteFTP 9.3.0.3 Severity: Problematic
| Product | Affected Versions | Patched Version | | :--- | :--- | :--- | | EFT Server | 8.0.0 – 8.3.4 | 8.3.5 | | EFT DMZ Gateway | 4.0.0 – 4.2.0 | 4.2.1 | | Globalscape WAFS | 5.1.x | 5.2 (re-issued) |
Patching often involves upgrading to specific version series, such as the 8.3.2, 8.3.0, or 8.2.1 series.
: Addressed in EFT v8.3.2 (released February 2026), this patch upgraded the OpenSSL library to v3.6.1 to mitigate security risks associated with the underlying encryption toolkit.
Globalscape maintains a well-documented security vulnerability discovery, remediation, and messaging process. When it comes to patches, Globalscape’s official stance is unequivocal: globalscape terms patched
The vendor overhauled the session management architecture, enforcing cryptographic signing for all administrative tokens and dropping inactive sessions aggressively. 3. Folder Monitor Script Injection
Based on your request, it seems you are looking for an analysis of a security vulnerability in Globalscape software (specifically relating to "terms" or input fields) that was patched. You are likely referring to the vulnerability (and related issues) discovered by security researcher Erik de Jong , which involved Cross-Site Scripting (XSS) in the EFT administration interface.
According to Globalscape’s security practices documentation, the company scans its software regularly with various security tools throughout the development lifecycle, including static code analysis, software composition analysis, penetration testing, and DAST (Dynamic Application Security Testing). This multi-layered approach helps verify that third-party libraries and application code are free of known issues when each release is made available.
To ensure your environment is fully protected against recent threats, let me know: When it comes to patches, Globalscape’s official stance
The “Globalscape terms patched” update applies to the following product lines:
These patches, particularly in the March 2026 releases (v8.3.2.568 and v8.3.0.412) , address vulnerabilities within the underlying OpenSSL libraries used for secure communication. For organizations relying on EFT for sensitive data movement, compliance (such as PCI-DSS or HIPAA), and automated workflows, applying these patches is not optional—it is a critical requirement for maintaining a secure and compliant infrastructure.
Globalscape Terms Patched: Securing Managed File Transfer Against Enterprise Threats
Crucially, this means that not every security-related fix arrives via a separate patch. Some are bundled into the next major release, which may include general bug fixes and feature enhancements alongside security improvements. You are likely referring to the vulnerability (and
Fortra quickly addressed these issues by releasing Globalscape EFT Server Version 8.1.0.16. Upgrading to this build eliminates the vulnerabilities completely. OpenSSL Dependencies (CVE-2025-15467)
In 2021, a critical flaw was discovered in the Globalscape EFT Ad-Hoc Message Center module. This vulnerability allowed unauthenticated remote attackers to execute arbitrary code on the underlying server.
of a user node, tracking whether a user has agreed to specific privacy policies. Privacy-Related Event Rules
CVE-2024-1190 Disclosure Date: February 2, 2024 Product: Global Scape CuteFTP 9.3.0.3 Severity: Problematic
| Product | Affected Versions | Patched Version | | :--- | :--- | :--- | | EFT Server | 8.0.0 – 8.3.4 | 8.3.5 | | EFT DMZ Gateway | 4.0.0 – 4.2.0 | 4.2.1 | | Globalscape WAFS | 5.1.x | 5.2 (re-issued) |
Patching often involves upgrading to specific version series, such as the 8.3.2, 8.3.0, or 8.2.1 series.
: Addressed in EFT v8.3.2 (released February 2026), this patch upgraded the OpenSSL library to v3.6.1 to mitigate security risks associated with the underlying encryption toolkit.
Globalscape maintains a well-documented security vulnerability discovery, remediation, and messaging process. When it comes to patches, Globalscape’s official stance is unequivocal:
The vendor overhauled the session management architecture, enforcing cryptographic signing for all administrative tokens and dropping inactive sessions aggressively. 3. Folder Monitor Script Injection
Based on your request, it seems you are looking for an analysis of a security vulnerability in Globalscape software (specifically relating to "terms" or input fields) that was patched. You are likely referring to the vulnerability (and related issues) discovered by security researcher Erik de Jong , which involved Cross-Site Scripting (XSS) in the EFT administration interface.
According to Globalscape’s security practices documentation, the company scans its software regularly with various security tools throughout the development lifecycle, including static code analysis, software composition analysis, penetration testing, and DAST (Dynamic Application Security Testing). This multi-layered approach helps verify that third-party libraries and application code are free of known issues when each release is made available.
To ensure your environment is fully protected against recent threats, let me know:
The “Globalscape terms patched” update applies to the following product lines:
These patches, particularly in the March 2026 releases (v8.3.2.568 and v8.3.0.412) , address vulnerabilities within the underlying OpenSSL libraries used for secure communication. For organizations relying on EFT for sensitive data movement, compliance (such as PCI-DSS or HIPAA), and automated workflows, applying these patches is not optional—it is a critical requirement for maintaining a secure and compliant infrastructure.
Globalscape Terms Patched: Securing Managed File Transfer Against Enterprise Threats
Crucially, this means that not every security-related fix arrives via a separate patch. Some are bundled into the next major release, which may include general bug fixes and feature enhancements alongside security improvements.
Fortra quickly addressed these issues by releasing Globalscape EFT Server Version 8.1.0.16. Upgrading to this build eliminates the vulnerabilities completely. OpenSSL Dependencies (CVE-2025-15467)
In 2021, a critical flaw was discovered in the Globalscape EFT Ad-Hoc Message Center module. This vulnerability allowed unauthenticated remote attackers to execute arbitrary code on the underlying server.
of a user node, tracking whether a user has agreed to specific privacy policies. Privacy-Related Event Rules