Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated malicious user to induce Esri Portal for ArcGIS to read arbitrary URLs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
esri portal for arcgis |