CVE-2022-24254

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file.
References
Link Resource
http://extensis.com Product
http://portfolio.com Not Applicable
https://snyk.io/research/zip-slip-vulnerability Technical Description Third Party Advisory
https://www.whiteoaksecurity.com/blog/extensis-portfolio-vulnerability-disclosure/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:extensis:portfolio:4.0:*:*:*:*:*:*:*

Information

Published : 2022-03-01 11:15

Updated : 2022-03-09 04:20


NVD link : CVE-2022-24254

Mitre link : CVE-2022-24254

Products Affected
No products.
CWE