Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
References
Configurations
History
21 Nov 2024, 07:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095 - Patch, Release Notes | |
References | () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/ - Patch, Vendor Advisory |
16 May 2023, 17:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | (MISC) https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/ - Patch, Vendor Advisory | |
References | (MISC) https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095 - Patch, Release Notes |
09 May 2023, 17:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-09 16:15
Updated : 2024-11-21 07:50
NVD link : CVE-2023-25834
Mitre link : CVE-2023-25834
CVE.ORG link : CVE-2023-25834
JSON object : View
Products Affected
esri
- portal_for_arcgis
CWE
CWE-269
Improper Privilege Management