Vulnerabilities (CVE)

Filtered by vendor Extensis Subscribe
Filtered by product Portfolio
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24255 1 Extensis 1 Portfolio 2024-11-21 9.0 HIGH 8.8 HIGH
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.
CVE-2022-24254 1 Extensis 1 Portfolio 2024-11-21 6.5 MEDIUM 8.8 HIGH
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
CVE-2022-24253 1 Extensis 1 Portfolio 2024-11-21 6.5 MEDIUM 8.8 HIGH
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.
CVE-2022-24252 1 Extensis 1 Portfolio 2024-11-21 6.5 MEDIUM 8.8 HIGH
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
CVE-2022-24251 1 Extensis 1 Portfolio 2024-11-21 6.5 MEDIUM 8.8 HIGH
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.