PT-2013-5454 · Esri · Esri Arcgis For Server
Roberto Suggi Liverani · Published 2013-09-24 · Updated 2024-07-11
CVE-2013-5221
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Esri ArcGIS for Server versions 10.1 through 10.2
Description
The mobile-upload feature in Esri ArcGIS for Server allows remote authenticated users to upload .exe files by leveraging publisher or administrator privileges.
Recommendations
For versions 10.1 through 10.2, consider restricting the mobile-upload feature to prevent unauthorized file uploads until a fix is available.
As a temporary workaround, consider disabling the mobile-upload feature for users with publisher or administrator privileges to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Esri Arcgis For Server