CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-38199

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.1%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch
https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch

Products affected by CVE-2022-38199

Esri » Arcgis Server » Version: 10.7.1

cpe:2.3:a:esri:arcgis_server:10.7.1
Esri » Arcgis Server » Version: 10.8.1

cpe:2.3:a:esri:arcgis_server:10.8.1
Esri » Arcgis Server » Version: 10.9.1

cpe:2.3:a:esri:arcgis_server:10.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-38199

Products

Pricing

Contact Us