CVE-2022-24251

EUVD-2022-29158
Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
extensisportfolio
4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://extensis.com
http://portfolio.com
https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/
http://extensis.com
http://portfolio.com
https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/