Vulnerabilities > Esri > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2022-08-16 | CVE-2022-38193 | Code Injection vulnerability in Esri Portal for ArcGIS | There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. | network | low complexity | esri | CWE-94 | critical | 9.6 |
| 2021-12-07 | CVE-2021-29114 | SQL Injection vulnerability in Esri ArcGIS Server | A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries. | network | low complexity | esri | CWE-89 | critical | 9.8 |
| 2021-07-11 | CVE-2021-29102 | Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server 10.6.1/10.7.1/10.8.1 | A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks. | network | low complexity | esri | CWE-918 | critical | 9.1 |
| 2020-12-26 | CVE-2020-35712 | Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server | Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. | network | | esri | CWE-918 | critical | 9.3 |