Lucene search
EsriCVELIST:CVE-2022-38194HistoryAug 16, 2022 - 5:00 p.m.
CVE-2022-38194 Portal for ArcGIS system properties are not properly encrypted (10.8.1 only)
2022-08-1617:00:17
CWE-311
Esri
www.cve.org
2
cve-2022-38194
arcgis
encryption
vulnerability
sensitive information
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
EPSS
0
Percentile
5.1%
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.
CNA Affected
[
{
"platforms": [
"x64"
],
"product": "Portal for ArcGIS",
"vendor": "Esri",
"versions": [
{
"status": "affected",
"version": "10.8.1"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-08-16 17:15:00
nvd
nvd
CVE-2022-38194
2022-08-16 17:15:08
cve
cve
CVE-2022-38194
2022-08-16 17:15:08
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
EPSS
0
Percentile
5.1%
Related for CVELIST:CVE-2022-38194