PT-2022-24274 · Esri · Esri ArcGIS Server

Published: 2022-10-25 · Updated: 2022-10-31 · CVE-2022-38197

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Server versions 10.9.1 and below

Description: The issue is related to an unvalidated redirect that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker-controlled website via a crafted query parameter.

Recommendations: For Esri ArcGIS Server versions 10.9.1 and below, update to a version above 10.9.1 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this issue.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers: CVE-2022-38197

Affected Products: Esri ArcGIS Server