PT-2022-24279 · Esri · Arcgis Server

Published: 2022-12-28 · Updated: 2024-08-31 · CVE-2022-38202

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Esri ArcGIS Server versions 10.9.1 and below

Description

The issue allows a remote, unauthenticated attacker to traverse the file system and access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information, but not user datasets.

Recommendations

For Esri ArcGIS Server versions 10.9.1 and below, update to a version above 10.9.1 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Fix

Path traversal

Relative Path Traversal

Weakness Enumeration

Related Identifiers

CVE-2022-38202

Affected Products

Arcgis Server