6 matches found
CVE-2025-0020
Violation of Secure Design Principles, Hidden Functionality, Incorrect Provision of Specified Functionality vulnerability in ArcGIS Authentication allows Privilege Abuse, Manipulating Hidden Fields, Configuration/Environment Manipulation. The ArcGIS clientcredentials OAuth 2.0 API implementation...
CVE-2025-0020
creationtimestamp| type| source ---|---|--- 2025-05-14 08:31:22+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16294 2025-05-14 09:17:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp4o4q5plv2p 2025-05-14 09:19:53+00:00| seen|...
CVE-2025-0020
Rejected reason: “This CVE ID is Rejected and will not be used. As the CNA of record ESRI has rejected this CVE as it is not a vulnerability”...
CVE-2025-0020
...
CVE-2025-0020
...
CVE-2025-0020
CVE-2025-0020 is marked as rejected in the initial entry, but connected documents describe a vulnerability in ArcGIS’s client_credentials OAuth 2.0 API implementation: it allows undocumented, custom token expiration, enabling privilege abuse and manipulation of hidden fields/configuration. Affect...