Vulnerabilities > CVE-2021-29113 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Esri Arcgis Server

CVSS 4.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

esri

CWE-829

NVD

Published: 2021-12-07

Updated: 2023-11-07

Summary

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.

Vulnerable Configurations

Part	Description	Count
Application	Esri Esri Arcgis Server *	1

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-2-patch-is-now-available