Vulnerabilities > CVE-2021-29113 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Esri Arcgis Server 10.6.1/10.7.1/10.8.1

047910
CVSS 4.7 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
esri
CWE-829

Summary

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.

Vulnerable Configurations

Part Description Count
Application
Esri
4