PT-2021-5164 · Esri · Esri ArcGIS Enterprise
Published: 2021-09-23 · Updated: 2022-03-30 · CVE-2021-29115
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Esri ArcGIS Enterprise versions 10.9.0 and below
Description
An information disclosure issue in the ArcGIS Service Directory may allow a remote attacker to view hidden field names in feature layers. This potentially reveals the field names, but not the features themselves.
Recommendations
For versions 10.9.0 and below, update to a version above 10.9.0 to resolve the issue.
As a temporary workaround, consider restricting access to the ArcGIS Service Directory to minimize the risk of exploitation.
Fix
Information Disclosure
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Esri ArcGIS Enterprise