CVE-2023-2991

MEDIUM

Globalscape EFT Server 8.0.0.38-8.1.0.13 - Unauthenticated Exposure of Sensitive Information via Trial Extension Request

Title source: llm

Description

Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message

References (2)

Core 2

Core References

Vendor Advisory

https://kb.globalscape.com/Knowledgebase/11589/Is-EFT-susceptible-to-the-Remotely-obtain-HDD-serial-number-vulnerability

Exploit, Third Party Advisory

https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/

Scores

CVSS v3 5.3

EPSS 0.0064

EPSS Percentile 46.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

globalscape/eft_server 8.0.0.38 - 8.1.0.14

Published Jun 22, 2023

Tracked Since Feb 18, 2026