Vulnerability Details CVE-2024-51954
There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated)
ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.0%
CVSS Severity
CVSS v3 Score 8.5
Products affected by CVE-2024-51954
-
cpe:2.3:a:esri:arcgis_server:10.9.1
-
cpe:2.3:a:esri:arcgis_server:11.0
-
cpe:2.3:a:esri:arcgis_server:11.1
-
cpe:2.3:a:esri:arcgis_server:11.2
-
cpe:2.3:a:esri:arcgis_server:11.3
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-