CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-51958

There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.2%

CVSS Severity

CVSS v3 Score 4.9

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/

Products affected by CVE-2024-51958

Esri » Arcgis Server » Version: 10.9.1

cpe:2.3:a:esri:arcgis_server:10.9.1
Esri » Arcgis Server » Version: 11.0

cpe:2.3:a:esri:arcgis_server:11.0
Esri » Arcgis Server » Version: 11.1

cpe:2.3:a:esri:arcgis_server:11.1
Esri » Arcgis Server » Version: 11.2

cpe:2.3:a:esri:arcgis_server:11.2
Esri » Arcgis Server » Version: 11.3

cpe:2.3:a:esri:arcgis_server:11.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-51958

Products

Pricing

Contact Us