Vulnerabilities > Esri > Portal FOR Arcgis > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-04 | CVE-2024-38040 | Unspecified vulnerability in Esri Portal for Arcgis There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files. | 7.5 |
| 2024-04-04 | CVE-2024-25695 | Unspecified vulnerability in Esri Portal for Arcgis There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. | 7.2 |
| 2024-04-04 | CVE-2024-25699 | Unspecified vulnerability in Esri Arcgis Enterprise and Portal for Arcgis There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software. | 8.1 |
| 2022-12-29 | CVE-2022-38203 | Server-Side Request Forgery (SSRF) vulnerability in Esri Portal for Arcgis Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. | 7.5 |
| 2022-12-29 | CVE-2022-38205 | Path Traversal vulnerability in Esri Portal for Arcgis In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). | 7.5 |
| 2022-12-29 | CVE-2022-38211 | Unspecified vulnerability in Esri Portal for Arcgis Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. | 7.5 |
| 2022-12-29 | CVE-2022-38212 | Unspecified vulnerability in Esri Portal for Arcgis Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203. | 7.5 |
| 2022-08-16 | CVE-2022-38184 | Unspecified vulnerability in Esri Portal for Arcgis There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | 7.5 |
| 2022-08-15 | CVE-2022-38187 | Unspecified vulnerability in Esri Portal for Arcgis Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs. | 7.5 |