Vulnerabilities > Esri

DATE CVE VULNERABILITY TITLE RISK
2022-10-25 CVE-2022-38199 Download of Code Without Integrity Check vulnerability in Esri Arcgis Server 10.7.1/10.8.1/10.9.1
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment.
network
low complexity
esri CWE-494
6.1
6.1
2022-10-25 CVE-2022-38200 Cross-site Scripting vulnerability in Esri Arcgis Server 10.7.1/10.8.1
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1.
network
low complexity
esri CWE-79
6.1
6.1
2022-08-16 CVE-2022-38184 Unspecified vulnerability in Esri Portal for Arcgis
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
network
low complexity
esri
7.5
7.5
2022-08-16 CVE-2022-38189 Cross-site Scripting vulnerability in Esri Portal for Arcgis
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
network
low complexity
esri CWE-79
5.4
5.4
2022-08-16 CVE-2022-38192 Cross-site Scripting vulnerability in Esri Portal for Arcgis
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
network
low complexity
esri CWE-79
5.4
5.4
2022-08-16 CVE-2022-38193 Code Injection vulnerability in Esri Portal for Arcgis
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.
network
low complexity
esri CWE-94
critical
 9.6
9.6
2022-08-16 CVE-2022-38194 Missing Encryption of Sensitive Data vulnerability in Esri Portal for Arcgis 10.8.1
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted.
local
low complexity
esri CWE-311
5.5
5.5
2022-08-15 CVE-2022-38186 Cross-site Scripting vulnerability in Esri Portal for Arcgis
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
network
low complexity
esri CWE-79
6.1
6.1
2022-08-15 CVE-2022-38187 Unspecified vulnerability in Esri Portal for Arcgis
Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs.
network
low complexity
esri
7.5
7.5
2022-08-15 CVE-2022-38188 Cross-site Scripting vulnerability in Esri Portal for Arcgis
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
network
low complexity
esri CWE-79
6.1
6.1