CVE-2024-25693
Portal for ArcGIS has a directory traversal vulnerability.
In short
Portal for ArcGIS allows authenticated users to bypass folder restrictions and access files outside the intended directory on the server by using specially crafted paths. This is critical because attackers can read sensitive files or execute malicious code.
Technical detail
A path traversal vulnerability in Portal for ArcGIS (≤11.2) permits authenticated attackers to escape directory boundaries using path manipulation techniques, enabling unauthorized file system access and potential arbitrary code execution. The vulnerability requires valid credentials but allows circumventing intended access controls through crafted relative or absolute path sequences.
Summary generated and translated by AI from the official description.
There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Esri · Portal for ArcGIS