esri

168 tracked vulnerabilities.

CVE-2024-25699 HIGH
Esri Portal for ArcGIS <= 11.2 and ArcGIS Enterprise <= 11.1 - Authenticated Improper Authentication
Apr 04, 2024
CVSS 8.5
EPSS 0.02
CVE-2024-25698 MEDIUM
Esri Portal for ArcGIS < 11.1 - Unauthenticated Reflected Cross-Site Scripting
Apr 04, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-25697 MEDIUM
Portal for ArcGIS < 11.1 - Authenticated Stored Cross-Site Scripting via User Bio Page
Apr 04, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-25696 MEDIUM
Portal for ArcGIS <= 11.0 - Authenticated Stored Cross-Site Scripting via Crafted Link
Apr 04, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-25695 HIGH
Portal for ArcGIS <= 11.2 - Authenticated Stored Cross-Site Scripting in Error Messages
Apr 04, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-25693 CRITICAL
Esri Portal for ArcGIS <= 11.2 - Authenticated Path Traversal
Apr 04, 2024
CVSS 9.9
EPSS 0.10
CVE-2024-25692 MEDIUM
Esri Portal for ArcGIS < 11.1 - Cross-Site Request Forgery via Crafted Form
Apr 04, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-25690 MEDIUM
Esri Portal for ArcGIS < 11.1 - Unauthenticated HTML Injection via Crafted Link
Apr 04, 2024
CVSS 4.7
EPSS 0.00
CVE-2023-25848 MEDIUM
ArcGIS Enterprise Server < 11.0 - Unauthenticated Information Disclosure via Crafted Query
Aug 25, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-25841 MEDIUM
Esri ArcGIS Server < 11.1 - Unauthenticated Stored Cross-Site Scripting
Jul 21, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-25840 LOW
ArcGIS Server < 11.1 - Authenticated Stored Cross-Site Scripting via Crafted Link
Jul 21, 2023
CVSS 3.4
EPSS 0.00
CVE-2023-25837 HIGH
Esri Portal for ArcGIS 10.8.1-10.9 - Authenticated Stored Cross-Site Scripting
Jul 21, 2023
CVSS 8.4
EPSS 0.01
CVE-2023-25836 MEDIUM
Esri Portal for ArcGIS 10.8.1-10.9 - Authenticated Stored Cross-Site Scripting
Jul 21, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-25835 HIGH
Esri Portal for ArcGIS 10.8.1-11.1 - Authenticated Stored Cross-Site Scripting via Site Configuration Link
Jul 21, 2023
CVSS 8.4
EPSS 0.00
CVE-2023-25839 HIGH
Esri ArcGIS Insights Desktop 2022.1 - Authenticated SQL Injection
Jul 19, 2023
CVSS 7.0
EPSS 0.00
CVE-2023-25838 HIGH
Esri ArcGIS Insights 2022.1 - Authenticated SQL Injection
Jul 19, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25833 MEDIUM
Esri Portal for ArcGIS < 11.0 - Authenticated HTML Injection via Crafted Link
May 10, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-25832 HIGH
Esri Portal for ArcGIS < 11.0 - Cross-Site Request Forgery
May 09, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-25831 MEDIUM
Esri Portal for ArcGIS <= 10.9.1 - Unauthenticated Reflected Cross-Site Scripting
May 09, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-25830 MEDIUM
Esri Portal for ArcGIS 10.9.1 and before - Unauthenticated Reflected Cross-Site Scripting
May 09, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-25829 MEDIUM
Esri Portal for ArcGIS <= 11.0 - Unauthenticated Open Redirect
May 09, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-25834 MEDIUM
Portal for ArcGIS 10.7.1-10.9.1 - Improper Privilege Management
May 09, 2023
CVSS 5.4
EPSS 0.00
CVE-2022-38212 HIGH
Esri Portal for ArcGIS <10.8.1 - SSRF
Dec 29, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-38211 HIGH
Esri Portal for ArcGIS <10.9.1 - SSRF
Dec 29, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-38210 MEDIUM
Esri Portal for ArcGIS <10.9.1 - XSS
Dec 29, 2022
CVSS 6.1
EPSS 0.00
Products
portal_for_arcgis 73 arcgis_server 67 arcgis_pro 6 arcreader 6 arcgis_enterprise 5 arcmap 4 arcgis_engine 3 ArcGIS Server 2 Portal for ArcGIS 2 arcgis_allsource 2 arcgis_insights 2 arcinfo_workstation 2 arcsde 2 ArcGIS Enterprise Builder 1 ArcGIS Monitor 1 ArcGIS Web AppBuilder {Developer Edition) 1 arcgis_earth 1 arcgis_for_desktop 1 arcgis_for_engine 1 arcgis_geoevent_server 1 arcgis_quickcapture 1 arcgisruntime_sdk 1 arcpad 1
Quick Filters
Critical CVEs With Exploits In CISA KEV