Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arcgis vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-29101
ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote malicious user to perform directory traversal attacks and read arbitrary files on the system.
Arcgis Geoevent Server
6.1
CVSSv3
CVE-2021-29103
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
Esri Arcgis Server
6.1
CVSSv3
CVE-2021-29104
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated malicious user to pass and store malicious strings in the ArcGIS Server Manager application.
Esri Arcgis Server
5.4
CVSSv3
CVE-2021-29105
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated malicious user to pass and store malicious strings in the ArcGIS Services Directory.
Esri Arcgis Server
6.1
CVSSv3
CVE-2021-29106
A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
Esri Arcgis Server
4.7
CVSSv3
CVE-2021-29113
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated malicious user to inject attacker supplied html into a page.
Esri Arcgis Server
9.8
CVSSv3
CVE-2021-29114
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated malicious user to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.
Esri Arcgis Server
6.1
CVSSv3
CVE-2022-38195
There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s brows...
Esri Arcgis Server
NA
CVE-2012-4949
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
Esri Arcgis 10.1
1 EDB exploit
5.3
CVSSv3
CVE-2021-29099
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and previous versions. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (f...
Esri Arcgis Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »