Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-38202
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclo...
Esri Arcgis Server
3.4
CVSSv3
CVE-2023-25840
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated malicious user to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileg...
Esri Arcgis Server
6.1
CVSSv3
CVE-2023-25841
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated malicious user to create crafted content which when clicked could potentially execute arbitrary JavaScr...
Esri Arcgis Server
5.3
CVSSv3
CVE-2023-25848
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribu...
Esri Arcgis Server
9.1
CVSSv3
CVE-2021-29102
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated malicious user to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attack...
Esri Arcgis Server
NA
CVE-2013-7231
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
Esri Arcgis 10.1
Esri Arcgis 10.2
NA
CVE-2013-5221
The mobile-upload feature in Esri ArcGIS for Server 10.1 up to and including 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
Esri Arcgis 10.1
Esri Arcgis 10.2
7.5
CVSSv3
CVE-2021-29101
ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote malicious user to perform directory traversal attacks and read arbitrary files on the system.
Esri Arcgis Geoevent Server
6.1
CVSSv3
CVE-2021-29107
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated malicious user to pass and store malicious strings in the ArcGIS Server Manager application.
Esri Arcgis Server 10.6.1
NA
CVE-2014-5122
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.
Esri Arcgis Server 10.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »