There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. 
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.06534}

epss

{'score': 0.11824}


Wed, 08 Jan 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Esri
Esri portal For Arcgis
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Esri
Esri portal For Arcgis
Linux
Linux linux Kernel
Microsoft
Microsoft windows

cve-icon MITRE

Status: PUBLISHED

Assigner: Esri

Published:

Updated: 2024-08-01T23:52:04.660Z

Reserved: 2024-02-09T19:07:07.974Z

Link: CVE-2024-25693

cve-icon Vulnrichment

Updated: 2024-08-01T23:52:04.660Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-04T18:15:10.193

Modified: 2025-01-08T15:09:41.357

Link: CVE-2024-25693

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.