CVE-2024-51954

Опубликовано: 03 мар. 2025

Источник: nvd

CVSS3: 8.5

CVSS3: 7.1

EPSS Низкий

Описание

There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated)

ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software.

Ссылки

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*

Версия от 10.9.1 (включая) до 11.3 (включая)

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00118

Низкий

8.5 High

CVSS3

7.1 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

GHSA-cxm9-pc6x-88r5

CVSS3: 8.5

github

11 месяцев назад

There is an improper access control issue in ArcGIS Server versions 10.9.1 through 11.3 on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software.

BDU:2025-02368

CVSS3: 8.5

fstec

12 месяцев назад

Уязвимость сервера ArcGIS Server, связанная с недостатками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 31%

0.00118

Низкий

8.5 High

CVSS3

7.1 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo