VYPR

ArcGIS Server

by Esri

CVEs (69)

  • CVE-2026-2812 | Med | May 20, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based…

  • CVE-2026-2813 | Med | May 20, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the browser to an unintended,…

  • CVE-2012-4949 | Nov 14, 2012
    risk 0.03 | cvss | epss 0.04

    SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.

  • CVE-2025-67711 | Dec 31, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

  • CVE-2025-67710 | Dec 31, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

  • CVE-2025-67709 | Dec 31, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

  • CVE-2025-67708 | Dec 31, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

  • CVE-2025-67707 | Dec 31, 2025
    risk 0.00 | cvss | epss 0.00

    ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls…

  • CVE-2025-67706 | Dec 31, 2025
    risk 0.00 | cvss | epss 0.00

    ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls…

  • CVE-2025-67705 | Dec 31, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

  • CVE-2025-67704 | Dec 31, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

  • CVE-2025-67703 | Dec 31, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

  • CVE-2025-57870 | Oct 22, 2025
    risk 0.00 | cvss | epss 0.01

    A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful…

  • CVE-2024-51966 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.01

    There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to…

  • CVE-2024-51963 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and follow that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. …

  • CVE-2024-51962 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed by a remote authenticated user requiring elevated, non‑administrative privileges. Exploitation is restricted to users…

  • CVE-2024-51961 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server.  Due to the…

  • CVE-2024-51960 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. …

  • CVE-2024-51959 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. …

  • CVE-2024-51958 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.01

    There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory.  There is no impact to…

Page 1 of 4