PT-2024-21097 · Esri · Esri Portal for ArcGIS +1
Published: 2024-04-04 · Updated: 2026-02-13
CVE-2024-25699
CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Esri Portal for ArcGIS versions 10.8.1 through 11.2
ArcGIS Enterprise versions 11.1 and below
Description
The issue is related to improper authentication in the Home application, which could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software under unique circumstances.
Recommendations
For Esri Portal for ArcGIS versions 10.8.1 through 11.2, update to a version that addresses the improper authentication issue in the Home application.
For ArcGIS Enterprise versions 11.1 and below, update to a version that addresses the improper authentication issue in the Home application.
As a temporary workaround, consider restricting access to the Home application until a patch is available.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
ArcGIS Enterprise
Esri Portal for ArcGIS