exploitDog

CVE-2022-38199

Опубликовано: 25 окт. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:esri:arcgis_server:10.7.1:*:*:*:*:*:x64:*

cpe:2.3:a:esri:arcgis_server:10.8.1:*:*:*:*:*:x64:*

cpe:2.3:a:esri:arcgis_server:10.9.1:*:*:*:*:*:x64:*

EPSS

Процентиль: 42%

0.00198

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-494

CWE-494

Связанные уязвимости

GHSA-7rfh-x78j-cqj5

CVSS3: 6.1

github

больше 3 лет назад

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.

EPSS

Процентиль: 42%

0.00198

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-494

CWE-494