Описание
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:esri:portal_for_arcgis:10.9.1:-:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:10.9.1:security_2025_update1:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:10.9.1:security_2025_update2:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.0:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.1:-:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.1:security_2024_update1:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.1:security_2024_update2:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.1:security_2025_update1:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.1:security_2025_update2:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.2:-:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.2:security_2024_update1:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.2:security_2024_update2:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.2:security_2025_update1:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.2:security_2025_update2:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.3:-:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.3:security_2025_update1:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.3:security_2025_update2:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.4:-:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.4:security_2025_update1:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.4:security_2025_update2:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-601
Связанные уязвимости
CVSS3: 6.1
github
4 месяца назад
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
EPSS
Процентиль: 17%
0.00054
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-601