Lucene search

[email protected]NVD:CVE-2022-38205

HistoryDec 29, 2022 - 8:15 p.m.

CVE-2022-38205

2022-12-2920:15:09

CWE-23

CWE-22

[email protected]

web.nvd.nist.gov

esri portal

arcgis

directory traversal

remote attack

sensitive data disclosure

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

59.7%

JSON

In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content).

Affected configurations

NVD

Node

esriportal_for_arcgisRange≤10.9.1

References

www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

59.7%

JSON

Related for NVD:CVE-2022-38205

cve1 prion1 cvelist1