CVE-2024-51966

medium

Description

There is a path traversal vulnerability in ESRI ArcGIS Server versions 10.9.1 thru 11.3. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/

Details

Source: Mitre, NVD

Published: 2025-03-03

Updated: 2025-03-06

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N