High severity8.5NVD Advisory· Published Apr 4, 2024· Updated Jun 17, 2026
CVE-2024-25699
CVE-2024-25699
Description
There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker with low‑privileged access to compromise the confidentiality, integrity, and availability of the software. Successful exploitation allows the attacker to cross an authentication and authorization boundary beyond their originally assigned access, resulting in a scope change.
Affected products
3<=11.2 on Windows and Linux, <=11.1 on Kubernetes+ 1 more
- (no CPE)range: <=11.2 on Windows and Linux, <=11.1 on Kubernetes
- (no CPE)range: all
- Range: <=11.1 on Kubernetes
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.