Arcgis Server@* Security Vulnerabilities and Issues — Arcgis Server@* CVE List

Lucene search

EsriArcgis Server*

5 matches found

CVE•added 2022/12/28 5:15 p.m.•89 views

CVE-2022-38202

There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive s...

7.5CVSS7.4AI score0.00343EPSS

CVE•added 2022/10/25 5:15 p.m.•64 views

CVE-2022-38196

Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory.

8.1CVSS7AI score0.00824EPSS

CVE•added 2022/10/25 5:15 p.m.•63 views

CVE-2022-38195

There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.

6.1CVSS6.2AI score0.00313EPSS

CVE•added 2022/10/25 5:15 p.m.•58 views

CVE-2022-38198

There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.

6.1CVSS6.3AI score0.00845EPSS

CVE•added 2022/10/25 5:15 p.m.•48 views

CVE-2022-38197

Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter.

6.1CVSS6.2AI score0.00948EPSS