A: Upgrade to 8.3.5 immediately. EFT 7.x is end-of-life and will never receive this patch. 11. The Bigger Picture: MFT Security Evolution The “Globalscape terms patched” incident is not an isolated event. Over the past 18 months, we have seen similar logic-bypass vulnerabilities in GoAnywhere MFT, MoveIT, and WS_FTP. The pattern is clear: attackers are targeting internal rule engines (often called “terms,” “policies,” or “workflows”) because they bypass network defenses.
– An attacker could effectively “patch” the terms themselves, disabling audit logging or bypassing multi-factor authentication (MFA) term requirements. globalscape terms patched
A: Globalscape assigned internal ID GS-2024-011 . CVE-2024-38814 is the related public CVE (arbitrary term modification). Check NVD for details. A: Upgrade to 8
By patching terms, Globalscape has effectively locked the logic layer. The next trend will be —a feature they may bake into version 9.0. 12. Final Verdict: Immediate Action Required If you manage a Globalscape EFT server, stop reading and start patching. The “Globalscape terms patched” update is not a feature update—it is a security necessity . – An attacker could effectively “patch” the terms
| Product | Affected Versions | Patched Version | | :--- | :--- | :--- | | EFT Server | 8.0.0 – 8.3.4 | 8.3.5 | | EFT DMZ Gateway | 4.0.0 – 4.2.0 | 4.2.1 | | Globalscape WAFS | 5.1.x | 5.2 (re-issued) |
A: In 99% of cases, no. Only scripts that relied on malformed XML injection (which should never be used) will fail. Test with a staging environment.