Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
There is a code injection vulnerability in Esri ArcGIS AllSource
Vulnerability Description
There is an untrusted search path vulnerability in Esri ArcGIS AllSource 1.2 and 1.3 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS AllSource, the file could execute and run malicious commands under the context of the victim. This issue is corrected in ArcGIS AllSource 1.2.1 and 1.3.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
不可信的搜索路径
Vulnerability Title
Esri ArcGIS 代码问题漏洞
Vulnerability Description
Esri ArcGIS是Esri公司的一款功能强大的桌面 GIS 软件。 Esri ArcGIS存在代码问题漏洞,该漏洞源于不可信搜索路径,可能导致低权限攻击者执行恶意命令。
CVSS Information
N/A
Vulnerability Type
N/A