Arcgis Server Security Vulnerabilities and Issues — Arcgis Server CVE List

Lucene search

EsriArcgis Server

3 matches found

CVE•added 2021/12/07 11:15 a.m.•59 views

CVE-2021-29114

A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.

9.8CVSS8.9AI score0.00427EPSS

CVE•added 2021/12/07 11:15 a.m.•49 views

CVE-2021-29113

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.

4.7CVSS4.8AI score0.00333EPSS

CVE•added 2021/12/07 11:15 a.m.•31 views

CVE-2021-29116

A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary Java...

6.1CVSS6AI score0.00484EPSS