Arcgis Server Security Vulnerabilities and Issues — Arcgis Server CVE List

Lucene search

EsriArcgis Server

4 matches found

CVE•added 2021/07/11 2:15 a.m.•99 views

CVE-2021-29102

A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks.

9.1CVSS9.3AI score0.00359EPSS

CVE•added 2020/12/26 12:15 a.m.•90 views

CVE-2020-35712

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.

9.8CVSS9.3AI score0.00312EPSS

CVE•added 2021/12/07 11:15 a.m.•59 views

CVE-2021-29114

A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.

9.8CVSS8.9AI score0.00427EPSS

CVE•added 2025/03/03 8:15 p.m.•45 views

CVE-2024-51962

A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify Column properties allowing for the execution of a SQL Injection by a remote authenticated user with elevated (non admin) privileges. There is a high impact to integrity and confidentiality and no impact to availabilit...

9.6CVSS8.1AI score0.00092EPSS