There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Esri
Published: 2022-06-28T00:00:00
Updated: 2022-08-16T17:20:14
Reserved: 2022-08-12T00:00:00
Link: CVE-2022-38184
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-16T18:15:09.277
Modified: 2023-06-27T20:01:50.113
Link: CVE-2022-38184
JSON object: View
Redhat Information
No data.
CWE