PT-2021-18089 · Esri · Arcgis Geoevent Server

Published

2021-05-05

Updated

2024-05-21

CVE-2021-29101

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ArcGIS GeoEvent Server versions 10.8.1 and below

Description: The issue allows an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system due to a read-only directory path traversal vulnerability.

Recommendations: For ArcGIS GeoEvent Server versions 10.8.1 and below, update to a version above 10.8.1 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

Fix

Relative Path Traversal

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-23CWE-22

Related Identifiers

CVE-2021-29101

Affected Products

Arcgis Geoevent Server

PT-2021-18089 · Esri · Arcgis Geoevent Server

CVE-2021-29101

Weakness Enumeration

Related Identifiers

Affected Products

References · 4