PT-2022-16568 · Extensis · Extensis Portfolio

Published

2022-03-01

Updated

2022-03-09

CVE-2022-24255

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Extensis Portfolio version 4.0

Description The issue concerns hardcoded credentials in the software, which can be exploited by attackers to gain administrator privileges.

Recommendations For Extensis Portfolio version 4.0, consider changing the hardcoded credentials to unique, secure credentials as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2022-24255

Affected Products

Extensis Portfolio

PT-2022-16568 · Extensis · Extensis Portfolio

CVE-2022-24255

Weakness Enumeration

Related Identifiers

Affected Products

References · 6