5 matches found
CVE-2022-24253
CVE-2022-24253 affects Extensis Portfolio v4.0 and is an authenticated unrestricted file upload vulnerability via the AdminFileTransferServlet. The described impact is partial confidentiality, integrity, and availability with network access and low attack complexity, requiring authentication of a...
CVE-2022-24252
CVE-2022-24252 concerns Extensis Portfolio v4.0, specifically the FileTransferServlet, with an unrestricted file upload vulnerability that enables remote code execution via a crafted file. Public sources in the connected set corroborate the issue and describe its impact as arbitrary code executio...
CVE-2022-24254
Affected software: Extensis Portfolio v4.0 (Backup/Restore Archive component). Issue: Unrestricted file upload via a crafted ZIP file that enables remote code execution. Root cause: lack of proper validation/constraints on uploaded ZIP contents within the Backup/Restore Archive module. Impact: re...
CVE-2022-24251
CVE-2022-24251 concerns Extensis Portfolio v4.0, which has an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. In connected sources, an advisory describes that a remote attacker could upload a malicious file and execute it on the server, potentially comp...
CVE-2022-24255
CVE-2022-24255 involves Extensis Portfolio v4.0, where hardcoded credentials enable an attacker to gain administrator privileges. The issue originates from credentials embedded in the product, enabling privileged access via a network attack with low complexity and no user interaction. Documented ...