Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis server vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-38199
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated malicious user to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers p...
Esri Arcgis Server 10.7.1
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.9.1
NA
CVE-2014-9741
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Esri Arcgis For Engine
Esri Arcgis For Desktop
Esri Arcgis Server
6.1
CVSSv3
CVE-2022-38200
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
Esri Arcgis Server 10.8.1
Esri Arcgis Server 10.7.1
6.1
CVSSv3
CVE-2021-29116
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated malicious user to pass and store malicious strings via crafted queries which when accessed could potential...
Esri Arcgis Server 10.9.0
Esri Arcgis Server 10.8.1
5.3
CVSSv3
CVE-2021-29099
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and previous versions. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (f...
Esri Arcgis Server
9.1
CVSSv3
CVE-2021-29102
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated malicious user to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attack...
Esri Arcgis Server
5.3
CVSSv3
CVE-2023-25848
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribu...
Esri Arcgis Server
6.8
CVSSv3
CVE-2021-29094
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and previous versions) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Esri Arcgis Server
8.1
CVSSv3
CVE-2022-38196
Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated malicious user to overwrite internal ArcGIS Server directory.
Esri Arcgis Server
6.1
CVSSv3
CVE-2022-38198
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated malicious user to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code i...
Esri Arcgis Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »