Описание
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Ссылки
- Release Notes
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00528
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-601
CWE-601
Связанные уязвимости
CVSS3: 6.1
github
больше 2 лет назад
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
EPSS
Процентиль: 67%
0.00528
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-601
CWE-601