CVE-2024-51954

EPSS 0.29%
Veröffentlicht 03.03.2025 20:15:41
Zuletzt bearbeitet 13.02.2026 19:41:36
Quelle psirt@esri.com
CVE-Watchlists
Login
Unerledigt
Login

Unauthorized access to secure services in ArcGIS Server

There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure services published to a standalone (unfederated) ArcGIS Server instance. Successful exploitation results in unauthorized access to protected services outside the attacker’s originally assigned authorization boundary, constituting a scope change. If exploited, this issue would have a high impact on confidentiality, a low impact on integrity, and no impact on the availability of the software.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Esri ≫ ArcGIS Server Version >= 10.9.1 <= 11.3

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.208

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.5	3.1	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
psirt@esri.com	8.5	3.1	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-51954

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51954

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51954

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-51954