Extensis: community verdicts
5 notable / known-exploited Extensis CVEs the community has triaged.
- CVE-2022-24254HIGH 8.8Real · low riskEPSS 3%
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
- CVE-2022-24252HIGH 8.8Real · low riskEPSS 3%
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
- CVE-2022-24255HIGH 8.8Real · low riskEPSS 2%
Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges.
- CVE-2022-24251HIGH 8.8Real · low riskEPSS 2%
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
- CVE-2022-24253HIGH 8.8Real · low riskEPSS 2%
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet.