CVE-2024-25699

Опубликовано: 04 апр. 2024

Источник: nvd

CVSS3: 8.5

CVSS3: 8.1

EPSS Низкий

Описание

There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*

Версия от 10.8.1 (включая) до 11.2 (включая)

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:esri:arcgis_enterprise:*:*:*:*:*:*:*:*

Версия до 11.1 (включая)

EPSS

Процентиль: 81%

0.01617

Низкий

8.5 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-7hfh-vfcv-wfqp

CVSS3: 8.5

github

почти 2 года назад

There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 10.8.1 through 11.2 on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software.

EPSS

Процентиль: 81%

0.01617

Низкий

8.5 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-287