8.5

CVE-2024-25699

EPSS 1.62%
Veröffentlicht 04.04.2024 18:15:11
Zuletzt bearbeitet 13.02.2026 19:41:30
Quelle psirt@esri.com
CVE-Watchlists
Login
Unerledigt
Login

There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker with low‑privileged access to compromise the confidentiality, integrity, and availability of the software. Successful exploitation allows the attacker to cross an authentication and authorization boundary beyond their originally assigned access, resulting in a scope change.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Esri ≫ Portal For Arcgis Version >= 10.8.1 <= 11.2

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Esri ≫ Arcgis Enterprise Version <= 11.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.62%	0.815

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.5	1.8	6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
psirt@esri.com	8.5	1.8	6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25699

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25699

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25699

EUVD