Vulnerabilities for 'Arcgis enterprise'

2021-12-07
 
CVE-2021-29115

CWE-668
 

 
An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allow a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but does not disclose features.

 
2021-04-08
 
CVE-2021-3012

CWE-79
 

 
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI ArcGIS Online before 10.9 and Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).

 
2019-09-11
 
CVE-2019-16193

CWE-79
 

 
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.

 

Vendor: ESRI (16 products)
Arcinfo workstation
Arcgis
Arcpad
Arcmap
Arcgis for server
Arcgis for desktop
Arcgis for engine
Arcgis enterprise
Arcgis desktop
Arcgis pro
Arcreader
Arcgis engine
Arcgis online
Arcgis earth
Arcgis server
Portal for arcgis


Copyright 2022, cxsecurity.com

 
