Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38211
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
NA
CVE-2022-38212
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
4.3
CVSSv2
CVE-2021-29107
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated malicious user to pass and store malicious strings in the ArcGIS Server Manager application.
Esri Arcgis Server 10.6.1
6.5
CVSSv2
CVE-2021-29108
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrap...
Esri Portal For Arcgis
3.5
CVSSv2
CVE-2021-29110
Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated malicious user to pass and store malicious strings in the home application.
Esri Portal For Arcgis
3.5
CVSSv2
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.
Esri Arcgis Enterprise 10.6.1
4.3
CVSSv2
CVE-2014-5121
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Esri Arcgis Server 10.1.1
5.8
CVSSv2
CVE-2014-5122
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.
Esri Arcgis Server 10.1.1
NA
CVE-2023-25833
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated malicious user to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or custo...
Esri Portal For Arcgis
NA
CVE-2023-25834
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
Esri Portal For Arcgis
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »