Search

GlobalSCAPE Knowledge Base

Are any Globalscape products affected by the Spring4shell vulnerability?

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT, all versions

QUESTION

Are any Globalscape products affected by the Spring4shell vulnerability?

ANSWER

Spring Framework is used in EFT Arcus for remote administration via Guacamole (which uses Spring Framework), which is deployed to two systems for a single customer and several internal test systems. Spring is invoked by connections to a single REST endpoint that is not open to the public, because the only connections allowed are whitelisted IPs associated with EFT administrators. Since this endpoint is used only during cluster deployment, it has been turned off to remove any risk of attack. Globalscape Development is reconsidering our use of this administration option for future deployments.

No other Globalscape products or generally used EFT Arcus (EFT SaaS) infrastructure use Spring.

Details
Last Modified: Last Year
Last Modified By: kmarsh
Type: INFO
Article not rated yet.
Article has been viewed 6.1K times.
Options
Also In This Category
Tags