← volver
CVE-2024-51961

Local file inclusion (LFI) vulnerability in ArcGIS Server

CVSS 7.5 HIGHEPSS 0.4%CWE-73
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
03 mar 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server.  Due to the nature of the files accessible in this vulnerability the impact to confidentiality is High there is no impact to both integrity or availability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Esri · ArcGIS Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/