CVE-2022-38187

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 10.9.0

Description The issue allows an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs because the "sharing/rest/content/features/analyze" endpoint is always accessible to anonymous users.

Recommendations For versions prior to 10.9.0, update to version 10.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "sharing/rest/content/features/analyze" endpoint to minimize the risk of exploitation.