Vulnerability Details CVE-2013-5221
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.7%
CVSS Severity
CVSS v2 Score 3.5
References
- http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009
- http://support.esri.com/en/knowledgebase/techarticles/detail/41497
- http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009
- http://support.esri.com/en/knowledgebase/techarticles/detail/41497
Products affected by CVE-2013-5221
-
cpe:2.3:a:esri:arcgis_server:10.1
-
cpe:2.3:a:esri:arcgis_server:10.2