3 matches found
CVE-2022-38203 The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only)
Protections against potential Server-Side Request Forgery SSRF vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeratio...
CVE-2022-38203
The CVEs describe SSRF protection gaps in Esri Portal for ArcGIS. Specifically, CVE-2022-38203, CVE-2022-38211, and CVE-2022-38212 pertain to ArcGIS Portal for ArcGIS (versions 10.8.1 and below for 38203; 10.9.1, 10.8.1 and 10.7.1 for 38211/38212) where protections against forging requests to arb...
CVE-2022-38203 The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only)
Protections against potential Server-Side Request Forgery SSRF vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeratio...