Unrated severityNVD Advisory· Published Oct 1, 2021· Updated Apr 10, 2025
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below.
CVE-2021-29108
Description
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition patching, Esri also strongly recommends as best practice for SAML assertions to be signed and encrypted.
Affected products
2<=10.9+ 1 more
- (no CPE)range: <=10.9
- (no CPE)range: 10.9.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.