7.5
CVE-2022-38184
- EPSS 0.85%
- Published 16.08.2022 18:15:09
- Last modified 21.11.2024 07:15:57
- Source psirt@esri.com
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
Data provided by the National Vulnerability Database (NVD)
Esri ≫ Portal For Arcgis Version <= 10.8.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.85% | 0.534 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| psirt@esri.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2022-update-1-patch/