CVE-2024-51966

Medium CVSS: 4.9

There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.

Vendor

Esri

Product

Arcgis Server

CWE

CWE-22

Yayın Tarihi

2025-03-03 20:15:43

Güncelleme

2025-04-10 20:15:21

Source Identifier

psirt@esri.com

KEV Date Added

Kategoriler

CWE-22 Arcgis Server MEDIUM Esri 2025

Referanslar

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/

Benzer Kayıtlar

Medium

CVE-2026-1446

There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop appli…

Medium

CVE-2025-67709