Описание
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.
Уязвимые конфигурации
Конфигурация 1Версия до 11.1 (включая)
Одновременно
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00281
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5.4
github
почти 2 года назад
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.
EPSS
Процентиль: 51%
0.00281
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-352