Globalscape Terms Patched -

The “Globalscape terms patched” update applies to the following product lines:

| Product | Affected Versions | Patched Version | | :--- | :--- | :--- | | EFT Server | 8.0.0 – 8.3.4 | 8.3.5 | | EFT DMZ Gateway | 4.0.0 – 4.2.0 | 4.2.1 | | Globalscape WAFS | 5.1.x | 5.2 (re-issued) |

Not affected:

If your system is running any version prior to those listed, your “terms” are not patched — meaning the injection vulnerability remains exploitable. globalscape terms patched

Globalscape EFT example: 8.3.20.8

Patch rule of thumb:
If you see 8.3.20.8 and latest is 8.3.20.12, you are 4 patches behind – meaning known issues/CVEs may be unpatched.

Q: Does this affect Globalscape’s cloud offering (EFT Cloud)?
A: No. The cloud version is automatically patched. Only on-premises customers need to act. The “Globalscape terms patched” update applies to the

Q: Will my custom term scripts break after patching?
A: In 99% of cases, no. Only scripts that relied on malformed XML injection (which should never be used) will fail. Test with a staging environment.

Q: Is there a CVE number for this “terms patched” vulnerability?
A: Globalscape assigned internal ID GS-2024-011. CVE-2024-38814 is the related public CVE (arbitrary term modification). Check NVD for details.

Q: I use EFT 7.x. What should I do?
A: Upgrade to 8.3.5 immediately. EFT 7.x is end-of-life and will never receive this patch. If your system is running any version prior

| Term | Meaning in Globalscape Context | |------|--------------------------------| | Patched | Usually refers to applying a hotfix or security patch to an existing minor version (e.g., 8.3.x → 8.3.y) without changing feature set. | | Updated | Typically means moving to a minor or major version (e.g., 8.0 → 8.3) that includes new features, improvements, and all prior patches. |

✅ Important: Globalscape support may require you to be on the latest patch of a supported version before troubleshooting.