A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated malicious user to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
esri arcgis server 10.7.1 |
||
esri arcgis server 10.8.1 |
||
esri arcgis server 10.9.1 |