Esri · ArcGIS · CVE-2025-0020
Name of the Vulnerable Software and Affected Versions:
ArcGIS (affected versions not specified)
Description:
The ArcGIS client credentials OAuth 2.0 API implementation does not conform to the OAuth 2.0 RFC/standards: a requestor can ask ArcGIS for an undocumented, custom token expiration. This hidden functionality enables privilege abuse, manipulation of hidden fields, and configuration/environment manipulation.
Recommendations:
At the time of writing, no information is available about a newer version that contains a fix for this vulnerability.