CVE-2023-2989

Опубликовано: 22 июн. 2023

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited

Ссылки

https://kb.globalscape.com/Knowledgebase/11586/Is-EFT-susceptible-to-the-Authentication-Bypass-via-Outofbounds-Memory-Read-vulnerability
Vendor Advisory
https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
Exploit
Third Party Advisory
https://kb.globalscape.com/Knowledgebase/11586/Is-EFT-susceptible-to-the-Authentication-Bypass-via-Outofbounds-Memory-Read-vulnerability
Vendor Advisory
https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:globalscape:eft_server:*:*:*:*:*:*:*:*

Версия до 8.1.0.16 (исключая)

EPSS

Процентиль: 22%

0.00072

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-125

Связанные уязвимости

GHSA-ch4p-p6rc-ppx7