THE INFORMATION IN THIS ARTICLE APPLIES TO:
QUESTION
Are any Globalscape products affected by the Spring4shell vulnerability?
ANSWER
Spring Framework is used in EFT Arcus for remote administration via Guacamole (which uses Spring Framework), which is deployed to two systems for a single customer and several internal test systems. Spring is invoked by connections to a single REST endpoint that is not open to the public, because the only connections allowed are whitelisted IPs associated with EFT administrators. Since this endpoint is used only during cluster deployment, it has been turned off to remove any risk of attack. Globalscape Development is reconsidering our use of this administration option for future deployments.
No other Globalscape products or generally used EFT Arcus (EFT SaaS) infrastructure use Spring.