Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29109 | 1 Esri | 1 Portal For Arcgis | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | |||||
| CVE-2021-29110 | 1 Esri | 1 Portal For Arcgis | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | |||||
| CVE-2021-29108 | 1 Esri | 1 Portal For Arcgis | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition patching, Esri also strongly recommends as best practice for SAML assertions to be signed and encrypted. | |||||