Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Arcgis_server
(Esri)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 55 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-07-21 | CVE-2023-25841 | There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities. | Arcgis_server | N/A | ||
| 2023-08-25 | CVE-2023-25848 | ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed. | Arcgis_server | N/A | ||
| 2012-11-14 | CVE-2012-4949 | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | Arcgis_server | N/A | ||
| 2013-09-24 | CVE-2013-5221 | The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. | Arcgis_server | N/A | ||
| 2013-12-30 | CVE-2013-5222 | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Arcgis_server | N/A | ||
| 2013-12-30 | CVE-2013-7231 | Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. | Arcgis_server | N/A | ||
| 2013-12-30 | CVE-2013-7232 | SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. | Arcgis_server | N/A | ||
| 2014-08-22 | CVE-2014-5121 | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | Arcgis_server | N/A | ||
| 2014-08-22 | CVE-2014-5122 | Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login. | Arcgis_server | N/A | ||
| 2015-07-08 | CVE-2014-9741 | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Arcgis_for_desktop, Arcgis_for_engine, Arcgis_server | N/A |