Esri: Security Vulnerabilities, CVEs, CVSS score >= 9
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.
Max CVSS: 9.6; EPSS Score: 0.27%; Published: 2022-08-16; Updated: 2023-02-10
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.
Max CVSS: 9.8; EPSS Score: 0.12%; Published: 2021-12-07; Updated: 2022-03-30
A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks.
Max CVSS: 9.1; EPSS Score: 0.31%; Published: 2021-07-11; Updated: 2022-03-30
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.
Max CVSS: 9.8; EPSS Score: 0.24%; Published: 2020-12-26; Updated: 2020-12-30
The ESRI ArcGIS Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
Max CVSS: 9.8; EPSS Score: 0.50%; Published: 2018-03-29; Updated: 2018-04-23
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier do not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
Max CVSS: 9.3; EPSS Score: 4.40%; Published: 2012-07-12; Updated: 2012-07-16
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three-tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
Max CVSS: 10.0; EPSS Score: 17.09%; Published: 2007-03-30; Updated: 2017-07-29
7 vulnerabilities found