Description
An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file.
References (3)
Core 3
Core References
Product x_refsource_misc
http://extensis.com
Not Applicable x_refsource_misc
http://portfolio.com
Exploit, Third Party Advisory x_refsource_misc
https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/
Scores
CVSS v3
8.8
EPSS
0.0215
EPSS Percentile
84.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
extensis/portfolio
4.0
Published
Mar 01, 2022
Tracked Since
Feb 18, 2026