CVE-2024-38040

There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2. 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.0:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.2:*:*:*:*:*:*:*

History

15 Oct 2024, 16:01

Type Values Removed Values Added
CPE cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.2:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.0:*:*:*:*:*:*:*
References () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/ - () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/ - Vendor Advisory
First Time Esri
Esri portal For Arcgis
CWE NVD-CWE-Other

07 Oct 2024, 17:48

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de inclusión de archivos locales en Esri Portal for ArcGIS 11.2. 11.1, 11.0 y 10.9.1 que puede permitir que un atacante remoto no autenticado cree una URL que podría revelar información de configuración confidencial al leer archivos internos.

04 Oct 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-04 18:15

Updated : 2024-10-15 16:01


NVD link : CVE-2024-38040

Mitre link : CVE-2024-38040

CVE.ORG link : CVE-2024-38040


JSON object : View

Products Affected

esri

  • portal_for_arcgis
CWE
NVD-CWE-Other CWE-73

External Control of File Name or Path