VYPR
Unrated severityNVD Advisory· Published Aug 15, 2022· Updated Apr 10, 2025

Prevent access to sharing/rest/content/features/analyze to unauthorized users

CVE-2022-38187

Description

Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.