Lucene search

[email protected]CVE-2013-5221

HistorySep 24, 2013 - 10:35 a.m.

CVE-2013-5221

2013-09-2410:35:52

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-5221

esri arcgis for server

mobile upload

security vulnerability

remote authentication

file upload

.exe files

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.8%

JSON

The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.

Affected configurations

NVD

Node

esriarcgisMatch10.1

esriarcgisMatch10.2

CPENameOperatorVersion
esri:arcgisesri arcgiseq10.1
esri:arcgisesri arcgiseq10.2

CPE	Name	Operator	Version
esri:arcgis	esri arcgis	eq	10.1
esri:arcgis	esri arcgis	eq	10.2

References

support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009

support.esri.com/en/knowledgebase/techarticles/detail/41497

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.8%

JSON

Related for CVE-2013-5221

cvelist1 nvd1 prion1