PT-2025-9555 · Esri · ArcGIS Server

Published: 2025-02-18 · Updated: 2026-02-06 · CVE-2024-51954

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ArcGIS Server versions 10.9.1 through 11.3

Description

The issue is related to improper access control, which could allow a remote, low-privileged authenticated attacker to access secure services published on a standalone ArcGIS Server instance under unique circumstances. This could have a high impact on confidentiality, a low impact on integrity, and no impact on availability.

Recommendations

For ArcGIS Server versions 10.9.1 through 11.3, consider restricting access to secure services until a fix is available. As a temporary workaround, review and enforce strict access controls on the ArcGIS Server instance to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-02368
CVE-2024-51954

Affected Products

ArcGIS Server