Vulnerabilities > CVE-2021-29115 - Exposure of Resource to Wrong Sphere vulnerability in Esri Arcgis Enterprise 10.6.1

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

esri

CWE-668

NVD

Published: 2021-12-07

Updated: 2023-11-07

Summary

An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.

Vulnerable Configurations

Part	Description	Count
Application	Esri Esri Arcgis Enterprise - Esri Arcgis Enterprise 10.6.1	2

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-2-patch-is-now-available