CVE-2021-29108
Severity: HIGH
Esri Portal for ArcGIS 10.9 and earlier - Authenticated Privilege Escalation via SAML Assertion XML Signature Wrapping
Title source: llmDescription
A privilege escalation vulnerability in organization-specific (SAML) logins in Esri Portal for ArcGIS versions 10.9 and below may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account by means of an XML Signature Wrapping attack: the validly signed assertion is left intact so the signature still verifies, while an injected, unsigned assertion naming the target account is what the application actually reads. In addition to patching, Esri strongly recommends, as best practice, that SAML assertions be both signed and encrypted.
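The following is an added illustration of the attack class named above, not Esri's code and not a reproduction of the Portal for ArcGIS bug. It stands in for XMLDSig with an HMAC over the serialized referenced element (the shared key IDP_KEY is an assumption) so that it runs with the Python standard library only; the wrapping trick does not depend on the signature algorithm. The IdP issues a Response whose Assertion is signed by ID reference; the attacker keeps that signed Assertion byte-for-byte but moves it into the Advice of a new, unsigned Assertion for "admin". A service provider that verifies the signature and then reads the subject from the first Assertion it finds logs the attacker in as admin; the hardened version reads the subject only from the element the signature covers and rejects any document that carries another Assertion.

```python
"""Toy XML Signature Wrapping (XSW) against a SAML Response (added example)."""
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"
for prefix, uri in (("saml", SAML), ("samlp", SAMLP), ("ds", DS)):
    ET.register_namespace(prefix, uri)

IDP_KEY = b"toy-idp-key"  # assumption: HMAC key standing in for the IdP's signing key


def canonical_bytes(elem):
    """Serialize one element without its tail text (stand-in for exclusive C14N)."""
    saved, elem.tail = elem.tail, None
    try:
        return ET.tostring(elem)
    finally:
        elem.tail = saved


def find_by_id(root, elem_id):
    """All elements carrying the given ID attribute (XMLDSig Reference resolution)."""
    return [e for e in root.iter() if e.get("ID") == elem_id]


def build_response(assertion_xml, signature_xml=""):
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
            f'xmlns:ds="{DS}" ID="_r1">{signature_xml}{assertion_xml}</samlp:Response>')


def idp_issue_response(name_id):
    """IdP side: sign Assertion _a1 and reference it from a Signature in the Response."""
    assertion_xml = (f'<saml:Assertion ID="_a1"><saml:Subject><saml:NameID>{name_id}'
                     '</saml:NameID></saml:Subject></saml:Assertion>')
    target = find_by_id(ET.fromstring(build_response(assertion_xml)), "_a1")[0]
    sig = hmac.new(IDP_KEY, canonical_bytes(target), hashlib.sha256).hexdigest()
    signature_xml = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
                     f'<ds:SignatureValue>{sig}</ds:SignatureValue></ds:Signature>')
    return build_response(assertion_xml, signature_xml)


def attacker_wrap(response_xml, victim="admin"):
    """XSW: keep the signed Assertion untouched but bury it inside the Advice of a new,
    unsigned Assertion for the victim. Reference URI="#_a1" still resolves to the
    original element, so the signature check still passes."""
    original = re.search(r'<saml:Assertion ID="_a1">.*?</saml:Assertion>', response_xml, re.S).group(0)
    forged = (f'<saml:Assertion ID="_evil"><saml:Subject><saml:NameID>{victim}</saml:NameID>'
              f'</saml:Subject><saml:Advice>{original}</saml:Advice></saml:Assertion>')
    return response_xml.replace(original, forged)


def verify_signature(root):
    """Resolve the Reference URI to the element it covers, check the signature over that
    element, and return the element so callers can read claims only from it."""
    sig = root.find(f"{{{DS}}}Signature")
    ref_id = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference").get("URI").lstrip("#")
    matches = find_by_id(root, ref_id)
    if len(matches) != 1:
        raise ValueError("referenced ID must occur exactly once")
    expected = sig.find(f"{{{DS}}}SignatureValue").text
    actual = hmac.new(IDP_KEY, canonical_bytes(matches[0]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, actual):
        raise ValueError("signature does not verify")
    return matches[0]


def sp_login_vulnerable(response_xml):
    """Signature checked, then the subject is read from the *first* Assertion found,
    which after wrapping is the attacker's unsigned one."""
    root = ET.fromstring(response_xml)
    verify_signature(root)
    first = root.find(f".//{{{SAML}}}Assertion")
    return first.find(f".//{{{SAML}}}NameID").text


def sp_login_hardened(response_xml):
    """Take the subject only from the element the signature covers, require it to be a
    top-level Assertion, and refuse any document carrying other Assertion elements."""
    root = ET.fromstring(response_xml)
    signed = verify_signature(root)
    if signed.tag != f"{{{SAML}}}Assertion" or signed not in list(root):
        raise ValueError("signed element is not a top-level Assertion")
    if root.findall(f".//{{{SAML}}}Assertion") != [signed]:
        raise ValueError("extra Assertion elements present")
    return signed.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID").text


def hardened_rejects(response_xml):
    try:
        sp_login_hardened(response_xml)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    benign = idp_issue_response("alice")
    wrapped = attacker_wrap(benign, "admin")
    print("vulnerable SP, wrapped response:", sp_login_vulnerable(wrapped))  # admin
    print("hardened SP rejects wrapped response:", hardened_rejects(wrapped))  # True
```

The structural checks in sp_login_hardened are what matter; the toy HMAC is incidental. A real deployment should additionally pin the signing certificate, reject responses with duplicate IDs before any XPath runs, and, as Esri's advisory recommends, have the IdP encrypt the assertion so an on-path attacker cannot read or rewrite it in the first place.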
References
Product, Technical Description (Esri organization-specific logins FAQ): https://downloads.esri.com/RESOURCES/ENTERPRISEGIS/Organization-Specific_Logins_FAQs.pdf
Scores
CVSS v3: 8.8 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Attack Vector: NETWORK)
EPSS: 0.0029 (0.29%), EPSS Percentile: 52.7%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-347 (Improper Verification of Cryptographic Signature)
Status: published
Products (1): esri/portal_for_arcgis <= 10.9
Published: Oct 01, 2021
Tracked Since: Feb 18, 2026