Описание
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Уязвимые конфигурации
Конфигурация 1Версия до 10.8.1 (включая)
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00385
Низкий
6.4 Medium
CVSS3
6.8 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-416
CWE-416
Связанные уязвимости
CVSS3: 6.8
github
больше 3 лет назад
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
EPSS
Процентиль: 59%
0.00385
Низкий
6.4 Medium
CVSS3
6.8 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-416
CWE-416