Vulnerabilities > Esri

DATE CVE VULNERABILITY TITLE RISK
2022-12-29 CVE-2022-38209 Unspecified vulnerability in Esri Portal for Arcgis
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.
network
low complexity
esri
6.1
2022-12-29 CVE-2022-38210 Cross-site Scripting vulnerability in Esri Portal for Arcgis
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
network
low complexity
esri CWE-79
6.1
2022-12-29 CVE-2022-38211 Unspecified vulnerability in Esri Portal for Arcgis
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212.
network
low complexity
esri
7.5
2022-12-29 CVE-2022-38212 Unspecified vulnerability in Esri Portal for Arcgis
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203.
network
low complexity
esri
7.5
2022-12-28 CVE-2022-38202 Path Traversal vulnerability in Esri Arcgis Server
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below.
network
low complexity
esri CWE-22
7.5
2022-11-15 CVE-2022-38201 Unspecified vulnerability in Esri Arcgis Quickcapture
An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1.
network
low complexity
esri
6.1
2022-10-25 CVE-2022-38195 Cross-site Scripting vulnerability in Esri Arcgis Server
There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
network
low complexity
esri CWE-79
6.1
2022-10-25 CVE-2022-38196 Path Traversal vulnerability in Esri Arcgis Server
Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory.
network
low complexity
esri CWE-22
8.1
2022-10-25 CVE-2022-38197 Open Redirect vulnerability in Esri Arcgis Server
Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter.
network
low complexity
esri CWE-601
6.1
2022-10-25 CVE-2022-38198 Cross-site Scripting vulnerability in Esri Arcgis Server
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
network
low complexity
esri CWE-79
6.1