Описание
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets).
Уязвимые конфигурации
Конфигурация 1Версия до 10.9.1 (включая)
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00692
Низкий
7.5 High
CVSS3
Дефекты
CWE-23
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
около 3 лет назад
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets).
EPSS
Процентиль: 71%
0.00692
Низкий
7.5 High
CVSS3
Дефекты
CWE-23
CWE-22