Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis server 10.9.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-38199
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated malicious user to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers p...
Esri Arcgis Server 10.7.1
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.9.1
8.1
CVSSv3
CVE-2022-38196
Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated malicious user to overwrite internal ArcGIS Server directory.
Esri Arcgis Server
6.1
CVSSv3
CVE-2022-38197
Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated malicious user to phish a user into accessing an attacker controlled website via a crafted query parameter.
Esri Arcgis Server
6.1
CVSSv3
CVE-2022-38195
There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s brows...
Esri Arcgis Server
6.1
CVSSv3
CVE-2022-38198
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated malicious user to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code i...
Esri Arcgis Server
7.5
CVSSv3
CVE-2022-38202
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclo...
Esri Arcgis Server
7.5
CVSSv3
CVE-2022-38211
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started