Lucene search

EsriCVELIST:CVE-2021-29095

HistoryMar 16, 2021 - 12:00 a.m.

CVE-2021-29095 ArcGIS Server image service and raster analytics security update: uninitialized pointer

2021-03-1600:00:00

CWE-824

Esri

www.cve.org

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.3%

JSON

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.

CNA Affected

[
  {
    "platforms": [
      "x64"
    ],
    "product": "ArcGIS Server",
    "vendor": "Esri",
    "versions": [
      {
        "lessThan": "10.9",
        "status": "affected",
        "version": "10.8.1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.3%

JSON

Related for CVELIST:CVE-2021-29095