Globalscape Terms Patched [ 2024 ]
A: Globalscape assigned internal ID GS-2024-011. CVE-2024-38814 is the related public CVE (arbitrary term modification). Check NVD for details.
| Product | Affected Versions | Patched Version |
| :--- | :--- | :--- |
| EFT Server | 8.0.0 – 8.3.4 | 8.3.5 |
| EFT DMZ Gateway | 4.0.0 – 4.2.0 | 4.2.1 |
| Globalscape WAFS | 5.1.x | 5.2 (re-issued) |
– An authenticated administrator (or an attacker who compromised admin credentials) could inject malformed XML into custom “term sets” (e.g., a condition like IF user IP = 192.168.1.* THEN allow SFTP). The injection could escape its logical container and overwrite global authentication policies.
If you have seen this phrase in patch notes, security bulletins, or forums, you likely have urgent questions. What terms were patched? Why does it matter? And most critically, is your organization exposed?
By patching terms, Globalscape has effectively locked the logic layer. The next trend will be —a feature they may bake into version 9.0.

12. Final Verdict: Immediate Action Required

If you manage a Globalscape EFT server, stop reading and start patching. The “Globalscape terms patched” update is not a feature update—it is a security necessity.
– An attacker could effectively “patch” the terms themselves, disabling audit logging or bypassing multi-factor authentication (MFA) term requirements.
A: In 99% of cases, no. Only scripts that relied on malformed XML injection (which should never be used) will fail. Test with a staging environment.