Vulnerability Details CVE-2022-24254
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://extensis.com
- http://portfolio.com
- https://snyk.io/research/zip-slip-vulnerability
- https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/
- http://extensis.com
- http://portfolio.com
- https://snyk.io/research/zip-slip-vulnerability
- https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/