ArcGIS GeoEvent Server

ArcGIS GeoEvent Server Security Update 2021 Patch 1

ArcGIS GeoEvent Server versions 10.8.1 and below have a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system.

Esri has released updates for ArcGIS GeoEvent Server that resolve this high-risk vulnerability here. 

Common Vulnerability Scoring System (CVSS v3.1) Details

8.6 Base Score, 8.2 Temporal Score

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/RL:O/RC:C 

We provide the temporal score in addition to the base score to allow our customers to better assess the risk of this vulnerability to their operations. Please see Common Vulnerability Scoring System for more information on the definition of these metrics.

Vulnerability Details 

CVE-2021-29101 – Relative Path Traversal CWE-23 – CVSS 8.2 
