CVE-2022-38205

High CVSS 8.6

Overview

In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content).

CWE: CWE-23 Published: 2022-12-29T20:15:09.567

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.6 (HIGH)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags