CVE-2024-25692
BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
04 abr 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Productos afectados
Esri · Portal for ArcGIS¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →