Filtered by vendor Esri
Subscriptions
Filtered by product Arcgis Server
Subscriptions
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-38197 | 1 Esri | 1 Arcgis Server | 2022-10-31 | 6.1 Medium |
Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. | ||||
CVE-2022-38196 | 1 Esri | 1 Arcgis Server | 2022-10-31 | 8.1 High |
Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. | ||||
CVE-2022-38200 | 1 Esri | 1 Arcgis Server | 2022-10-31 | 6.1 Medium |
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser. | ||||
CVE-2022-38199 | 1 Esri | 1 Arcgis Server | 2022-10-28 | 6.1 Medium |
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet. | ||||
CVE-2022-38195 | 1 Esri | 1 Arcgis Server | 2022-10-27 | 6.1 Medium |
There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
CVE-2022-38198 | 1 Esri | 1 Arcgis Server | 2022-10-26 | 6.1 Medium |
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
CVE-2020-35712 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2020-12-30 | 9.8 Critical |
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. |