PT-2022-24273 · Esri · Esri Arcgis Server

Published

2022-10-25

Updated

2022-10-31

CVE-2022-38196

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Esri ArcGIS Server versions 10.9.1 and prior

Description The issue is a path traversal vulnerability that may result in a denial of service. It allows a remote, authenticated attacker to overwrite internal ArcGIS Server directory.

Recommendations For Esri ArcGIS Server versions 10.9.1 and prior, update to a version later than 10.9.1 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-38196

Affected Products

Esri Arcgis Server

PT-2022-24273 · Esri · Esri Arcgis Server

CVE-2022-38196

Weakness Enumeration

Related Identifiers

Affected Products

References · 4