Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

esri arcgis for server vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2014-9741
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Esri Arcgis For DesktopEsri Arcgis For EngineEsri Arcgis For Server
NA
CVE-2014-5121
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Esri Arcgis For Server 10.1.1
NA
CVE-2014-5122
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.
Esri Arcgis For Server 10.1.1
7.5
CVSSv3
CVE-2022-38203
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
7.5
CVSSv3
CVE-2022-38211
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
7.5
CVSSv3
CVE-2022-38212
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
NA
CVE-2013-7232
SQL injection vulnerability in ESRI ArcGIS for Server up to and including 10.2 allows remote malicious users to execute arbitrary SQL commands via unspecified input to the map or feature service.
Esri Arcgis 10.1Esri Arcgis
NA
CVE-2013-7231
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
Esri Arcgis 10.1Esri Arcgis 10.2
NA
CVE-2013-5221
The mobile-upload feature in Esri ArcGIS for Server 10.1 up to and including 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
Esri Arcgis 10.2Esri Arcgis 10.1
NA
CVE-2012-4949
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
Esri Arcgis 10.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook