CVE-2021-29100
HIGH
Esri ArcGIS Earth < 1.11.0 - Path Traversal and Arbitrary File Write via Crafted File Upload
Title source: llm
Description
A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under the security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system.
References (1)
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://www.esri.com/arcgis-blog/products/arcgis-earth/administration/arcgis-earth-security-update
Scores
CVSS v3
7.8
EPSS
0.0047
EPSS Percentile
64.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
CWE-23
Status
published
Products (1)
esri/arcgis_earth
< 1.11.0
Published
May 05, 2021
Tracked Since
Feb 18, 2026