ArcGIS GeoEvent Server

ArcGIS GeoEvent Server Security Update 2021 Patch 1

ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system. 

Esri has released updates for ArcGIS GeoEvent Server that resolve this high-risk vulnerability here. 

Common Vulnerability Scoring System (CVSS v3.1) Details

8.6 Base Score, 8.2 Temporal Score


We provide the temporal score in addition to the base score to allow our customers to better assess risk of this vulnerability to their operations.  Please see Common Vulnerability Scoring System for more information on the definition of these metrics. 

Vulnerability Details 

CVE-2021-29101 – Relative Path Traversal CWE-23 – CVSS 8.2 

Inline Feedbacks
View all comments

Next Article

Multi-Scale Contour Styling in ArcGIS Pro

Read this article