Vulnerabilities fixed in this patch include


To better assess the risk of this vulnerability, we provide Common Vulnerability Scoring System (CVSS) scores. Both a base score and a modified temporal score are provided to reflect the availability of an official patch.

For more information on the definition of these metrics, see the Common Vulnerability Scoring System.

 

A privilege escalation vulnerability exists in organization-specific logins in Esri Portal for ArcGIS 10.9 and earlier that could allow an authenticated, remote attacker to impersonate another account.
Common Vulnerability Scoring System (CVSS v3.1) Details

Correction Level: Official Correction Available

Trust Statement: Approved by Esri.

Mitigating factors

Follow SAML-specific security best practices as documented in the ArcGIS Organization-Specific Login FAQ
Temporarily disable Organization Specific Logins (Not recommended)

A reflected Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 10.9 and earlier could allow a remote attacker to convince a user to click a crafted link that could execute arbitrary JavaScript code in the user’s browser.

Common Vulnerability Scoring System (CVSS v3.1) Details

1 Base Score, 5.8 Temporal Score
Correction Level: Official Correction Available
Trust Statement: Approved by Esri.

Vulnerability Details

 

A stored Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS version 10.9 and lower could allow a remote attacker to convince a user to click a crafted link that could execute arbitrary JavaScript code in the user’s browser.
Common Vulnerability Scoring System (CVSS v3.1) Details

4 Base Score, 5.2 Temporal Score
Correction Level: Official Correction Available
