ArcGIS Earth

ArcGIS Earth Security Update

A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system. 

Mitigating measures: 

Esri has released an update for ArcGIS Earth that resolves this high-risk vulnerabilityhere. 

Common Vulnerability Scoring System (CVSS v3.1) Details 

7.8 Base Score, 7.0 Temporal Score 

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C  

We provide the temporal score in addition to the base score to allow our customers to better assess risk of this vulnerability to their operations.  Please see Common Vulnerability Scoring System for more information on the definition of these metrics. 

Vulnerability Details 

Acknowledgements 

0 Comments
Inline Feedbacks
View all comments

Next Article

What's new in ArcGIS Hub first quarter

Read this article