PT-2025-9564 · Esri · Esri Arcgis Server

Published: 2025-02-18 · Updated: 2025-03-04 · CVE-2024-51966

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS Server versions 10.9.1 through 11.3
Description: The issue is a path traversal vulnerability. A remote attacker who is already authenticated with ArcGIS Server administrator privileges (CVSS Au:S) can supply crafted path components to traverse the file system and read files outside of the intended directory. The confidentiality impact is high (C:C); integrity and availability are not affected (I:N/A:N), because the flaw only allows the affected files to be read, not modified or removed.
Recommendations: For ESRI ArcGIS Server versions 10.9.1 through 11.3, restrict access to sensitive files and directories to minimize the risk of exploitation, for example by running ArcGIS Server under a dedicated low-privilege service account that cannot read files outside its own installation and data directories. As a temporary workaround, limit the privileges of authenticated users: since the attack requires the administrator role, keep that role to the smallest possible set of accounts, each with strong credentials. These measures reduce the impact but do not remove the flaw. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
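The weakness described above is a general pattern, not something specific to how ArcGIS Server builds file paths (the affected endpoint is not described on this page). As an added illustration that is not Esri's code, the following Python shows the naive path join that lets an authenticated caller walk out of the directory a file-serving handler is meant to expose, beside a hardened resolver that decodes once, normalises, and proves containment with a component-wise comparison. The base directory /var/app/exports and every request string are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Constructed for this example: the only directory the endpoint may expose.
BASE_DIR = "/var/app/exports"


def resolve_naive(user_path: str) -> str:
    """Vulnerable pattern: join the client-supplied path and normalise.

    ".." components and absolute paths walk straight out of BASE_DIR,
    and the result is then handed to open() unchecked.
    """
    return posixpath.normpath(posixpath.join(BASE_DIR, user_path))


def resolve_confined(user_path: str) -> str:
    """Hardened pattern: decode once, normalise, then prove containment."""
    # Decode percent-encoding exactly once. Decoding twice would turn
    # %252e%252e back into "..", reintroducing the bypass.
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # Treat backslashes as separators so "..\\" normalises like "../"
    # (relevant when the server runs on Windows).
    decoded = decoded.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, decoded))
    # commonpath compares whole path components, so "/var/app/exports2/x"
    # is rejected where a plain str.startswith(BASE_DIR) check would pass it.
    if posixpath.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        raise PermissionError(f"path escapes {BASE_DIR}: {user_path!r}")
    return candidate


def classify(user_path: str) -> tuple:
    """Return ("ok", resolved_path) or ("rejected", reason) for a request path."""
    try:
        return ("ok", resolve_confined(user_path))
    except (ValueError, PermissionError) as exc:
        return ("rejected", str(exc))


# Constructed inputs: one benign request, then the usual traversal variants.
SAMPLE_REQUESTS = [
    "reports/2025/q1.csv",
    "../../etc/passwd",
    "/etc/passwd",
    "%2e%2e/%2e%2e/etc/passwd",
    "..\\..\\Windows\\win.ini",
    "%252e%252e/etc/passwd",
    "a/../b.txt",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:30} naive -> {resolve_naive(req):34} confined -> {classify(req)}")
```

The containment check works on the normalised string only; in a real handler the hardened resolver should be followed by a realpath (symlink-resolving) check against the base directory, because a symlink placed inside the exposed directory would otherwise pass the string test and still point outside it.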

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2025-02372
CVE-2024-51966

Affected Products

Esri Arcgis Server