Lucene search
+L
ExtensisPortfolio

5 matches found

CVE
CVE
added 2022/03/01 11:0 p.m.117 views

CVE-2022-24253

CVE-2022-24253 affects Extensis Portfolio v4.0 and is an authenticated unrestricted file upload vulnerability via the AdminFileTransferServlet. The described impact is partial confidentiality, integrity, and availability with network access and low attack complexity, requiring authentication of a...

8.8CVSS8.7AI score0.01273EPSS
CVE
CVE
added 2022/03/01 11:0 p.m.104 views

CVE-2022-24252

CVE-2022-24252 concerns Extensis Portfolio v4.0, specifically the FileTransferServlet, with an unrestricted file upload vulnerability that enables remote code execution via a crafted file. Public sources in the connected set corroborate the issue and describe its impact as arbitrary code executio...

8.8CVSS8.8AI score0.02167EPSS
CVE
CVE
added 2022/03/01 11:0 p.m.100 views

CVE-2022-24254

Affected software: Extensis Portfolio v4.0 (Backup/Restore Archive component). Issue: Unrestricted file upload via a crafted ZIP file that enables remote code execution. Root cause: lack of proper validation/constraints on uploaded ZIP contents within the Backup/Restore Archive module. Impact: re...

8.8CVSS8.8AI score0.02415EPSS
CVE
CVE
added 2022/03/01 11:0 p.m.97 views

CVE-2022-24251

CVE-2022-24251 concerns Extensis Portfolio v4.0, which has an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. In connected sources, an advisory describes that a remote attacker could upload a malicious file and execute it on the server, potentially comp...

8.8CVSS8.7AI score0.01309EPSS
Web
CVE
CVE
added 2022/03/01 11:0 p.m.91 views

CVE-2022-24255

CVE-2022-24255 involves Extensis Portfolio v4.0, where hardcoded credentials enable an attacker to gain administrator privileges. The issue originates from credentials embedded in the product, enabling privileged access via a network attack with low complexity and no user interaction. Documented ...

9CVSS8.9AI score0.01344EPSS