Globalscape Vulnerability Management Site

| CVE ID | Description | CVSS | Affected Versions | Patch Availability |
|--------|-------------|------|-------------------|---------------------|
| CVE-2019-10770 | Path traversal in admin web interface allowing file read | 7.5 | EFT < 7.4.0.20 | Hotfix 7.4.0.20 |
| CVE-2020-15530 | Hardcoded cryptographic key in DMZ gateway | 9.1 | EFT 7.4.x – 7.5.0.x | Patch 7.5.1 |
| CVE-2021-22941 | OpenSSL double-free memory corruption (RCE) | 9.8 | EFT < 7.5.2 (integrated OpenSSL) | Update to 7.5.2+ |
| CVE-2022-41623 | SQL injection in folder access rules | 8.6 | EFT 7.5 – 7.5.3 | Hotfix 7.5.4 |
| CVE-2023-29185 | Privilege escalation via debug endpoint | 7.8 | EFT 7.5.4 – 7.6.0 | Patch 7.6.1 |
| CVE-2024-22912 | Insecure deserialization in SOAP API | 8.1 | EFT 7.6.0 only | Hotfix 7.6.0 HF1 |

This identifies risks within third-party libraries used in the Globalscape stack [24].
Ensure only strong ciphers (e.g., TLS 1.2 or 1.3) are enabled in the SFTP listener configuration [27].
Subscribe to Globalscape technical alerts to receive immediate notification of zero-day vulnerabilities.

2. Hardening the Configuration