Описание
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue.
The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.8.1 (включая) до 11.0 (включая)
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00103
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.
EPSS
Процентиль: 29%
0.00103
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-319