exploitDog

CVE-2022-38187

Опубликовано: 15 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs.

Ссылки

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2022-update-1-patch/
Not Applicable
Vendor Advisory
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2022-update-1-patch/
Not Applicable
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*

Версия до 10.9 (исключая)

EPSS

Процентиль: 58%

0.00362

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c297-p4vx-rjg5

CVSS3: 7.5

github

больше 3 лет назад

Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs.

EPSS

Процентиль: 58%

0.00362

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

NVD-CWE-noinfo