CVE-2023-2990

HIGH

Globalscape Eft Server < 8.1.0.16 - Denial of Service

Title source: rule

Description

Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service

References (2)

[Vendor Advisory] https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability

[Exploit, Third Party Advisory] https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/

Scores

CVSS v3 7.5

EPSS 0.0021

EPSS Percentile 43.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-674 CWE-400

Status published

Products (1)

globalscape/eft_server < 8.1.0.16

Published Jun 22, 2023

Tracked Since Feb 18, 2026