Filtered by vendor Esri
Total: 85 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-29107 | 1 Esri | 1 Arcgis Server | 2024-09-16 | 6.1 Medium |
A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. | ||||
CVE-2021-29116 | 1 Esri | 1 Arcgis Server | 2024-09-16 | 6.1 Medium |
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
CVE-2021-29109 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 6.1 Medium |
A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
CVE-2022-38207 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 6.1 Medium |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser. | ||||
CVE-2022-38194 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 6.7 Medium |
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file. | ||||
CVE-2013-7232 | 1 Esri | 1 Arcgis Server | 2024-09-16 | N/A |
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. | ||||
CVE-2022-38188 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 6.1 Medium |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
CVE-2022-38184 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 7.5 High |
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | ||||
CVE-2022-38197 | 1 Esri | 1 Arcgis Server | 2024-09-16 | 6.1 Medium |
Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. | ||||
CVE-2022-38189 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 5.4 Medium |
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
CVE-2021-29114 | 1 Esri | 1 Arcgis Server | 2024-09-16 | 9.8 Critical |
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries. | ||||
CVE-2022-38191 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 6.1 Medium |
There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application. | ||||
CVE-2022-38195 | 1 Esri | 1 Arcgis Server | 2024-09-16 | 6.1 Medium |
There is a reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
CVE-2021-29102 | 1 Esri | 1 Arcgis Server | 2024-09-16 | 9.1 Critical |
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
CVE-2022-38205 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 8.6 High |
In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). | ||||
CVE-2021-29101 | 1 Esri | 1 Arcgis Geoevent Server | 2024-09-16 | 7.5 High |
ArcGIS GeoEvent Server versions 10.8.1 and below have a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system. | ||||
CVE-2021-29095 | 1 Esri | 1 Arcgis Server | 2024-09-16 | 6.8 Medium |
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allow an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. | ||||
CVE-2022-38196 | 1 Esri | 1 Arcgis Server | 2024-09-16 | 6.5 Medium |
Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. | ||||
CVE-2022-38210 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 6.1 Medium |
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser. | ||||
CVE-2022-38190 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 6.1 Medium |
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser |