Vulnerabilities > Extensis > Portfolio
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-01 | CVE-2022-24251 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. | 6.5 |
| 2022-03-01 | CVE-2022-24252 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. | 6.5 |
| 2022-03-01 | CVE-2022-24253 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. | 6.5 |
| 2022-03-01 | CVE-2022-24254 | Unrestricted Upload of File with Dangerous Type vulnerability in Extensis Portfolio 4.0 An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. | 6.5 |
| 2022-03-01 | CVE-2022-24255 | Use of Hard-coded Credentials vulnerability in Extensis Portfolio 4.0 Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. | 9.0 |