{"api_version":"1","generated_at":"2026-06-13T03:29:11+00:00","cve":"CVE-2023-2989","urls":{"html":"https://cve.report/CVE-2023-2989","api":"https://cve.report/api/cve/CVE-2023-2989.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-2989","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-2989"},"summary":{"title":"CVE-2023-2989","description":"Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited","state":"PUBLIC","assigner":"cve@rapid7.com","published_at":"2023-06-22 20:15:00","updated_at":"2023-06-30 19:21:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/","name":"https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/","refsource":"MISC","tags":[],"title":"Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED] | Rapid7 Blog","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://kb.globalscape.com/Knowledgebase/11586/Is-EFT-susceptible-to-the-Authentication-Bypass-via-Outofbounds-Memory-Read-vulnerability","name":"https://kb.globalscape.com/Knowledgebase/11586/Is-EFT-susceptible-to-the-Authentication-Bypass-via-Outofbounds-Memory-Read-vulnerability","refsource":"MISC","tags":[],"title":"Is EFT susceptible to the \"Authentication Bypass via Out-of-bounds Memory Read \" vulnerability?","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-2989","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2989","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"2989","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"globalscape","cpe5":"eft_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-2989","ASSIGNER":"cve@rapid7.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-125 Out-of-bounds Read","cweId":"CWE-125"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Fortra","product":{"product_data":[{"product_name":"Globalscape EFT","version":{"version_data":[{"version_affected":"<","version_name":"8.0.0","version_value":"8.1.0.16"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/","refsource":"MISC","name":"https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/"},{"url":"https://kb.globalscape.com/Knowledgebase/11586/Is-EFT-susceptible-to-the-Authentication-Bypass-via-Outofbounds-Memory-Read-vulnerability","refsource":"MISC","name":"https://kb.globalscape.com/Knowledgebase/11586/Is-EFT-susceptible-to-the-Authentication-Bypass-via-Outofbounds-Memory-Read-vulnerability"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2023-06-22 20:15:00","lastModifiedDate":"2023-06-30 19:21:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.2}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:globalscape:eft_server:*:*:*:*:*:*:*:*","versionEndExcluding":"8.1.0.16","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}