ArcMap

ArcReader General Data Frame Security Update

Esri has released ArcReader 10.8.2, which resolves two low and one moderate-risk vulnerabilities in ArcReader.

ArcReader 10.8.2 is the last release. We encourage users of ArcReader to transition to the updated alternatives for publishing and sharing map packages with ArcGIS Pro, and workflows using the ArcGIS Pro version of the ArcGIS Publisher extension in conjunction with ArcGIS Field Maps.

In the coming months, the ArcReader product website will be removed along with publicly available downloads. ArcReader software will continue to be available as a download from My Esri. The ArcReader online documentation will remain in place throughout the remainder of the ArcReader Product Support Life Cycle.

Recommendation
We encourage users of ArcReader to transition to the updated alternatives for publishing and sharing map packages with ArcGIS Pro, and workflows using the ArcGIS Pro version of the ArcGIS Publisher extension in conjunction with ArcGIS Field Maps.

Vulnerability Details

We provide the temporal score in addition to the base score to allow our customers to better assess risk of this vulnerability to their operations. Please see Common Vulnerability Scoring System for more information on the definition of these metrics.

Common Vulnerability Scoring System (CVSS v3.1) Details

7.8 Base Score, 6.8 Temporal Score

Exploit Code Maturity: Unproven
Remediation Level: Official Fix Available
Report Confidence: Confirmed by Esri

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Common Vulnerability Scoring System (CVSS v3.1) Details

3.3 Base Score, Temporal Score 2.9

Exploit Code Maturity: Unproven
Remediation Level: Official Fix Available
Report Confidence: Confirmed by Esri

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

Common Vulnerability Scoring System (CVSS v3.1) Details

3.3 Base Score, Temporal Score 2.9

Exploit Code Maturity: Unproven
Remediation Level: Official Fix Available
Report Confidence: Confirmed by Esri

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

 

Acknowledgements
Tran Van Khang – khangkito (VinCSS) working with Trend Micro Zero Day Initiative

0 Comments
Inline Feedbacks
View all comments

Next Article

7 Steps to Enhance Your Social Equity Analysis

Read this article