Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): ArcGIS
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-25839 |
There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. Published: July 19, 2023; 12:15:09 PM -0400 |
V3.1: 7.0 HIGH V2.0:(not available) |
CVE-2023-25838 |
There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. Published: July 19, 2023; 12:15:09 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-25833 |
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). Published: May 09, 2023; 10:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-25832 |
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. Published: May 09, 2023; 5:15:11 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-25831 |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Published: May 09, 2023; 5:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-25830 |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Published: May 09, 2023; 1:15:10 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-25829 |
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. Published: May 09, 2023; 1:15:10 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-25834 |
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. Published: May 09, 2023; 12:15:14 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-38212 |
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203. Published: December 29, 2022; 3:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38211 |
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. Published: December 29, 2022; 3:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38210 |
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser. Published: December 29, 2022; 3:15:09 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-38209 |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser. Published: December 29, 2022; 3:15:09 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-38208 |
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. Published: December 29, 2022; 3:15:09 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-38207 |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser. Published: December 29, 2022; 3:15:09 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-38206 |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser. Published: December 29, 2022; 3:15:09 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-38205 |
In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). Published: December 29, 2022; 3:15:09 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38204 |
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Published: December 29, 2022; 3:15:09 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-38203 |
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. Published: December 29, 2022; 3:15:09 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38202 |
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets). Published: December 28, 2022; 12:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38201 |
An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain. Published: November 15, 2022; 4:15:37 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |