How severe is CVE-2022-38199?

CVE-2022-38199 has a CVSS v3 score of 6.1 (MEDIUM).

CVE-2022-38199

Name: arcgis_server
Author: esri

6.1MEDIUM

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to

Published: 10/25/2022Updated: 11/21/2024

Description

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.

AI AnalysisPowered by AI

Affected Products

esriarcgis_server

10.7.1

esriarcgis_server

10.8.1

esriarcgis_server

10.9.1

References

https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch
Vendor Advisory
https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch
Vendor Advisory