Product:

Arcgis_enterprise

(Esri)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 3
Date Id Summary Products Score Patch Annotated
2021-12-07 CVE-2021-29115 An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features. Arcgis_enterprise 5.3
2021-04-08 CVE-2021-3012 A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). Arcgis_enterprise 5.4
2019-09-11 CVE-2019-16193 In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. Arcgis_enterprise N/A