CVE-2024-51961

High CVSS: 7.5

There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server. Due to the nature of the files accessible in this vulnerability the impact to confidentiality is High there is no impact to both integrity or availability.

Vendor

Esri

Product

Arcgis Server

CWE

CWE-73

Yayın Tarihi

2025-03-03 20:15:42

Güncelleme

2025-04-10 20:15:21

Source Identifier

psirt@esri.com

KEV Date Added

Kategoriler

CWE-73 Arcgis Server HIGH Esri 2025

Referanslar

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/

Benzer Kayıtlar

Medium

CVE-2026-1446

There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop appli…

Medium

CVE-2025-67709