PT-2024-27718 · Esri · Arcgis Enterprise Server

Published

2024-06-21

Updated

2024-06-27

CVE-2024-37694

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions ArcGIS Enterprise Server version 10.8.0

Description The issue allows a remote attacker to obtain sensitive information because the "/arcgis/rest/services" endpoint does not require authentication.

Recommendations For ArcGIS Enterprise Server version 10.8.0, consider restricting access to the "/arcgis/rest/services" endpoint to require authentication until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2024-37694

Affected Products

Arcgis Enterprise Server

PT-2024-27718 · Esri · Arcgis Enterprise Server

CVE-2024-37694

Related Identifiers

Affected Products

References · 4