CVE-2024-51958

Name of the Vulnerable Software and Affected Versions ESRI ArcGIS Server versions 10.9.1 through 11.3

Description The issue allows a remote authenticated attacker with admin privileges to traverse the file system and access files outside of the intended directory, potentially leading to a high impact on confidentiality. There is no impact to integrity or availability due to the nature of the files that can be accessed.

Recommendations For ESRI ArcGIS Server versions 10.9.1 through 11.3, update to a version that contains a fix for this issue to prevent path traversal exploitation.