CVEDB API

Vulnerabilities

Vulnerable Software

Esri: >> Portal For Arcgis >> 10.9 Security Vulnerabilities

CVE-2021-29108

There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition patching, Esri also strongly recommends as best practice for SAML assertions to be signed and encrypted.

CVSS Score

8.8

EPSS Score

0.003

Published

2021-10-01

CVE-2021-29109

A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.

CVSS Score

6.1

EPSS Score

0.003

Published

2021-10-01

CVE-2021-29110

Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.

CVSS Score

5.4

EPSS Score

0.003

Published

2021-10-01

Page 4

Vulnerabilities

Vulnerable Software

Esri: >> Portal For Arcgis >> 10.9 Security Vulnerabilities

Products

Pricing

Contact Us