CVE-2023-2989

CVSS V2 None CVSS V3 None

Description

Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited

Overview

CVE ID
CVE-2023-2989

Assigner
rapid7

Vulnerability Status
PUBLISHED

Published Version
2023-06-22T19:14:17.275Z

Last Modified Date
2023-06-22T19:14:17.275Z

Weakness Enumerations

CWE	URL
CWE-125	http://cwe.mitre.org/data/definitions/125.html

References

Reference URL	Reference Tags
https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
https://kb.globalscape.com/Knowledgebase/11586/Is-EFT-susceptible-to-the-Authentication-Bypass-via-Outofbounds-Memory-Read-vulnerability

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-2989
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2989

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 22:14:44				Added to TrackCVE