6.8
CVE-2021-29095
- EPSS 0.36%
- Veröffentlicht 25.03.2021 21:15:13
- Zuletzt bearbeitet 21.11.2024 06:00:42
- Quelle psirt@esri.com
- CVE-Watchlists
- Unerledigt
LoginMultiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Esri ≫ ArcGIS Server Version <= 10.8.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.575 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
| psirt@esri.com | 6.4 | 0.5 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
|
CWE-824 Access of Uninitialized Pointer
The product accesses or uses a pointer that has not been initialized.