A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
References
Link | Resource |
---|---|
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Esri
Published: 2021-03-16T00:00:00
Updated: 2021-03-25T20:32:06
Reserved: 2021-03-23T00:00:00
Link: CVE-2021-29093
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-25T21:15:13.167
Modified: 2024-02-23T19:38:24.760
Link: CVE-2021-29093
JSON object: View
Redhat Information
No data.
CWE