CVE-2022-38203

EPSS 0.86%
Veröffentlicht 29.12.2022 20:15:09
Zuletzt bearbeitet 21.11.2024 07:16:03
Quelle psirt@esri.com
CVE-Watchlists
Login
Unerledigt
Login

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Esri ≫ Portal For Arcgis Version <= 10.8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.746

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@esri.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-38203

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38203

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38203

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-38203