Описание
In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content).
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.9.1 (включая)
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.02028
Низкий
8.6 High
CVSS3
7.5 High
CVSS3
Дефекты
CWE-23
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
около 3 лет назад
In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content).
EPSS
Процентиль: 83%
0.02028
Низкий
8.6 High
CVSS3
7.5 High
CVSS3
Дефекты
CWE-23
CWE-22