Description
An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
References (4)
Core 4
Core References
Technical Description, Third Party Advisory x_refsource_misc
https://snyk.io/research/zip-slip-vulnerability
Product x_refsource_misc
http://extensis.com
Not Applicable x_refsource_misc
http://portfolio.com
Exploit, Third Party Advisory x_refsource_misc
https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/
Scores
CVSS v3
8.8
EPSS
0.0264
EPSS Percentile
85.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
extensis/portfolio
4.0
Published
Mar 01, 2022
Tracked Since
Feb 18, 2026