CVE-2024-37694

2024-06-2122:15:11

[email protected]

web.nvd.nist.gov

arcgis

enterprise server

authentication

bypass

sensitive information

remote attacker

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require authentication. NOTE: the supplier disputes the vulnerability information, and also objects to the assignment process (unsupported when assigned from incorrect CNA).

References

github.com/NSSCYCTFER/SRC-CVE