12 matches found
CVE-2026-33519
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...
CVE-2026-33519
The CVE-2026-33519 entry concerns Esri Portal for ArcGIS versions 11.4–12.0. A flaw in authorization checks allows improper permission validation for developer credentials, enabling misuse of permissions and the potential generation of Portal Administrator tokens by low-privilege users. The issue...
EUVD-2022-40786
Malicious code in bioql PyPI...
EUVD-2024-23015
Malicious code in bioql PyPI...
EUVD-2022-40800
Malicious code in bioql PyPI...
CVE-2024-8149
There is a reflected Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low-privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
PT-2024-7834
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.1 and 11.2. Description: The issue is related to a reflected XSS vulnerability, which may allow a remote, unauthenticated attacker to create a crafted link that, when clicked, could potentially execute arbitrar...
PT-2024-7840 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9.1 through 11.2. Description: The issue is related to a local file inclusion vulnerability. It may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive...
CVE-2023-25832
There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions...
CVE-2022-38191
There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application...
CVE-2021-29108
There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In...
PT-2012-3425 · Esri · Esri Arcgis +1
Name of the Vulnerable Software and Affected Versions: ESRI ArcMap version 9; ESRI ArcGIS versions 10.0.2.3200 and earlier. Description: The issue allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map .mxd file, due to the software not properly prompting users before...