Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis server vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-38199
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated malicious user to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers p...
Esri Arcgis Server 10.7.1
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.9.1
NA
CVE-2014-9741
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Esri Arcgis For Desktop
Esri Arcgis For Engine
Esri Arcgis For Server
6.1
CVSSv3
CVE-2022-38200
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.7.1
6.1
CVSSv3
CVE-2021-29116
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated malicious user to pass and store malicious strings via crafted queries which when accessed could potential...
Esri Arcgis Server 10.9.0
Esri Arcgis Server 10.8.1
6.1
CVSSv3
CVE-2022-38195
There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s brows...
Esri Arcgis Server
8.1
CVSSv3
CVE-2022-38196
Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated malicious user to overwrite internal ArcGIS Server directory.
Esri Arcgis Server
6.1
CVSSv3
CVE-2022-38197
Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated malicious user to phish a user into accessing an attacker controlled website via a crafted query parameter.
Esri Arcgis Server
6.1
CVSSv3
CVE-2022-38198
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated malicious user to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code i...
Esri Arcgis Server
5.3
CVSSv3
CVE-2021-29099
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and previous versions. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (f...
Esri Arcgis Server
6.8
CVSSv3
CVE-2021-29094
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and previous versions) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Esri Arcgis Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »