Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2021-29100
A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under security context of the user ...
Esri Arcgis Earth
4.3
CVSSv2
CVE-2021-29103
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
Esri Arcgis Server
4.3
CVSSv2
CVE-2021-29104
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated malicious user to pass and store malicious strings in the ArcGIS Server Manager application.
Esri Arcgis Server
3.5
CVSSv2
CVE-2021-29105
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated malicious user to pass and store malicious strings in the ArcGIS Services Directory.
Esri Arcgis Server
4.3
CVSSv2
CVE-2021-29106
A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
Esri Arcgis Server
4.3
CVSSv2
CVE-2021-29113
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated malicious user to inject attacker supplied html into a page.
Esri Arcgis Server
7.5
CVSSv2
CVE-2021-29114
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated malicious user to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.
Esri Arcgis Server
9.3
CVSSv2
CVE-2020-35712
Esri ArcGIS Server prior to 10.8 is vulnerable to SSRF in some configurations.
Esri Arcgis Server
6.4
CVSSv2
CVE-2021-29102
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated malicious user to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attack...
Esri Arcgis Server
3.5
CVSSv2
CVE-2021-3012
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise prior to 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).
Esri Arcgis Enterprise
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »