Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BUG-000144172 - Remote file download issue in ArcGIS Server
Vulnerability Description
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
下载代码缺少完整性检查
Vulnerability Title
Esri ArcGIS Server 安全漏洞
Vulnerability Description
Esri ArcGIS Server是美国环境系统研究所(Esri)公司的一个面向Web的可用于提供地理位置服务的企业级软件平台。 Esri ArcGIS Server 10.9.1及之前版本存在安全漏洞,该漏洞源于提供的某些Web服务功能中可能出现远程文件下载问题,在某些边缘情况下,可能允许未经身份验证的远程攻击者诱使毫无戒心的受害者在受害者的PATH环境中启动进程。
CVSS Information
N/A
Vulnerability Type
N/A