CVE-2023-25834

Опубликовано: 09 мая 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.

Ссылки

https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095
Patch
Release Notes
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/
Patch
Vendor Advisory
https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095
Patch
Release Notes
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*

Версия от 10.7.1 (включая) до 10.9.1 (включая)

EPSS

Процентиль: 34%

0.00139

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-269

Связанные уязвимости

GHSA-qj6g-3fwx-29q3

CVSS3: 4.6

github

больше 2 лет назад