CVE-2024-51954 - Unspecified vulnerability in Esri Arcgis Server 10.9.1/11.1

047910
CVSS 7.1 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: LOW
Availability impact: NONE
Tags: network, low complexity, esri

Summary

There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could potentially allow a remote, low-privileged authenticated attacker to access secure services published to a standalone (unfederated) ArcGIS Server instance. If successful, this compromise would have a high impact on confidentiality, a low impact on integrity, and no impact on the availability of the software.

Vulnerable Configurations

Part         Description  Count
Application  Esri         2
OS           Linux        1
OS           Microsoft    1