Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arcgis vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-38197
Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated malicious user to phish a user into accessing an attacker controlled website via a crafted query parameter.
Esri Arcgis Server
6.1
CVSSv3
CVE-2022-38201
An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain.
Esri Arcgis Quickcapture
7.5
CVSSv3
CVE-2022-38202
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclo...
Esri Arcgis Server
5.4
CVSSv3
CVE-2021-3012
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise prior to 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).
Esri Arcgis Enterprise
9.1
CVSSv3
CVE-2021-29102
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated malicious user to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attack...
Esri Arcgis Server
5.3
CVSSv3
CVE-2021-29099
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and previous versions. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (f...
Esri Arcgis Server
5.3
CVSSv3
CVE-2021-29115
An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote malicious user to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.
Esri Arcgis Enterprise
6.8
CVSSv3
CVE-2021-29094
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and previous versions) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Esri Arcgis Server
6.8
CVSSv3
CVE-2021-29095
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and previous versions) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Esri Arcgis Server
4.7
CVSSv3
CVE-2021-29113
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated malicious user to inject attacker supplied html into a page.
Esri Arcgis Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »