To better assess the risk of this vulnerability, we provide Common Vulnerability Scoring System (CVSS) scores. Both a base score and a modified temporal score are provided to reflect the availability of an official patch.
For more information on the definition of these metrics, see the Common Vulnerability Scoring System.
A privilege escalation vulnerability exists in organization-specific logins in Esri Portal for ArcGIS 10.9 and earlier that could allow an authenticated, remote attacker to impersonate another account.
Common Vulnerability Scoring System (CVSS v3.1) Details
Correction Level: Official Correction Available
Trust Statement: Approved by Esri.
Mitigating factors
Follow SAML-specific security best practices as documented in the ArcGIS Organization-Specific Login FAQ
Temporarily disable Organization Specific Logins (Not recommended)
A reflected Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 10.9 and earlier could allow a remote attacker to convince a user to click a crafted link that could execute arbitrary JavaScript code in the user’s browser.
Common Vulnerability Scoring System (CVSS v3.1) Details
1 Base Score, 5.8 Temporal Score
Correction Level: Official Correction Available
Trust Statement: Approved by Esri.
Vulnerability Details
A stored Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS version 10.9 and lower could allow a remote attacker to convince a user to click a crafted link that could execute arbitrary JavaScript code in the user’s browser.
Common Vulnerability Scoring System (CVSS v3.1) Details
4 Base Score, 5.2 Temporal Score
Correction Level: Official Correction Available