Unrated severityNVD Advisory· Published Aug 15, 2022· Updated Apr 10, 2025
Prevent access to sharing/rest/content/features/analyze to unauthorized users
CVE-2022-38187
Description
Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs.
Affected products
2< 10.9.0+ 1 more
- (no CPE)range: < 10.9.0
- (no CPE)range: All
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.