PT-2021-18088 · Esri · Esri Arcgis Earth

Rgod

Published

2021-05-03

Updated

2022-03-30

CVE-2021-29100

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Earth versions 1.11.0 and below

Description: A path traversal issue exists, allowing arbitrary file creation on an affected system through crafted input. This could lead to arbitrary code execution under the security context of the user running the software by inducing the user to upload a crafted file.

Recommendations: For Esri ArcGIS Earth versions 1.11.0 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Relative Path Traversal

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-23CWE-22

Related Identifiers

CVE-2021-29100

ZDI-21-505

Affected Products

Esri Arcgis Earth

PT-2021-18088 · Esri · Esri Arcgis Earth

CVE-2021-29100

Weakness Enumeration

Related Identifiers

Affected Products

References · 4