Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis server 10.8.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-38199
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated malicious user to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers p...
Esri Arcgis Server 10.7.1
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.9.1
6.1
CVSSv3
CVE-2022-38200
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.7.1
6.1
CVSSv3
CVE-2021-29116
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated malicious user to pass and store malicious strings via crafted queries which when accessed could potential...
Esri Arcgis Server 10.9.0
Esri Arcgis Server 10.8.1
6.1
CVSSv3
CVE-2021-29104
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated malicious user to pass and store malicious strings in the ArcGIS Server Manager application.
Esri Arcgis Server
5.4
CVSSv3
CVE-2021-29105
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated malicious user to pass and store malicious strings in the ArcGIS Services Directory.
Esri Arcgis Server
6.8
CVSSv3
CVE-2021-29094
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and previous versions) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Esri Arcgis Server
6.8
CVSSv3
CVE-2021-29095
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and previous versions) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Esri Arcgis Server
6.8
CVSSv3
CVE-2021-29093
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and previous versions) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Esri Arcgis Server
9.1
CVSSv3
CVE-2021-29102
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated malicious user to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attack...
Esri Arcgis Server
6.1
CVSSv3
CVE-2021-29103
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
Esri Arcgis Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »