CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-29115

An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.8%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-2-patch-is-now-available
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-2-patch-is-now-available

Products affected by CVE-2021-29115

Esri » Arcgis Enterprise » Version: N/A

cpe:2.3:a:esri:arcgis_enterprise:-
Esri » Arcgis Enterprise » Version: 10.6.1

cpe:2.3:a:esri:arcgis_enterprise:10.6.1
Esri » Arcgis Enterprise » Version: 10.8.1

cpe:2.3:a:esri:arcgis_enterprise:10.8.1
Esri » Arcgis Enterprise » Version: 10.9

cpe:2.3:a:esri:arcgis_enterprise:10.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-29115

Products

Pricing

Contact Us