How severe is CVE-2022-38199?

CVE-2022-38199 has a CVSS v3 score of 6.1 (MEDIUM).

CVE-2022-38199

Name: arcgis_server
Author: esri

6.1MEDIUM

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to

发布于: 10/25/2022更新于: 11/21/2024

描述

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.

AI分析AI驱动

受影响产品

esriarcgis_server

10.7.1

esriarcgis_server

10.8.1

esriarcgis_server

10.9.1

参考资料

https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch
Vendor Advisory
https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch
Vendor Advisory