PT-2024-21091 · Esri · Esri Portal for ArcGIS

Published: 2024-04-04 · Updated: 2025-01-08 · CVE-2024-25692

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.1 and below

Description: The issue is a cross-site request forgery vulnerability that may allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.

Recommendations: For Esri Portal for ArcGIS versions 11.1 and below, consider disabling or restricting access to crafted forms until a patch is available. As a temporary workaround, restrict user interactions with potentially malicious forms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-25692

Affected Products: Esri Portal for ArcGIS