PT-2022-4367 · Esri · Portal For Arcgis

Published: 2022-08-16 · Updated: 2023-06-27 · CVE-2022-38184

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Portal for ArcGIS versions 10.8.1 and below

Description
The vulnerability stems from improper access control in Portal for ArcGIS, which could allow a remote, unauthenticated attacker to reach an API. Through that API, Esri Portal for ArcGIS may be induced to read arbitrary URLs, potentially leading to privilege escalation.

Recommendations
For Portal for ArcGIS versions 10.8.1 and below, consider restricting access to the vulnerable API endpoint until a patch is available. As a temporary workaround, limit the ability of Portal for ArcGIS to read arbitrary URLs in order to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2022-05227
CVE-2022-38184

Affected Products

Portal For Arcgis