Lucene search

[email protected]CVE-2022-38205

HistoryDec 29, 2022 - 8:15 p.m.

CVE-2022-38205

2022-12-2920:15:09

CWE-23

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-38205

esri

portal for arcgis

directory traversal

security vulnerability

nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.7%

JSON

In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content).

Affected configurations

NVD

Node

esriportal_for_arcgisRange≤10.9.1

CPENameOperatorVersion
esri:portal_for_arcgisesri portal for arcgisle10.9.1

CPE	Name	Operator	Version
esri:portal_for_arcgis	esri portal for arcgis	le	10.9.1

CNA Affected

[
  {
    "vendor": "Esri",
    "product": "ArcGIS Enterprise",
    "versions": [
      {
        "version": "Portal for ArcGIS",
        "status": "affected",
        "lessThanOrEqual": "10.9.1",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "x64"
    ]
  }
]

References

www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.7%

JSON

Related for CVE-2022-38205

nvd1 prion1 cvelist1