CVE-2024-8148

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 10.8.1 through 11.2

Description The issue is related to an unvalidated redirect vulnerability that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. This vulnerability is associated with the use of open redirects. Exploitation of the vulnerability could allow a remote attacker to redirect a user to an arbitrary URL.

Recommendations For Esri Portal for ArcGIS versions 10.8.1 through 11.2, consider disabling the redirect functionality until a patch is available to prevent potential phishing attacks. Restrict access to the portal to minimize the risk of exploitation. Avoid using URLs that could be used for redirecting users to arbitrary websites until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.