ArcGIS QuickCapture

Portal for ArcGIS Quick Capture Security Patch is now available

Esri has released the Portal for ArcGIS Quick Capture Security Patch. Esri has released updates for Portal for ArcGIS that resolve this moderate-risk vulnerability here.

This patch that resolves one moderate priority security vulnerabilities across versions 10.9.1, 10.8.1, and 10.7.1.

Vulnerabilities fixed by this patch

CVE-2022-38201CWE-601

An unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain.

Common Vulnerability Scoring System (CVSS v3.1) Details 

6.1 Base Score, 5.5 Temporal Score 

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C : 5.5

Mitigations:

We provide the temporal score in addition to the base score to allow our customers to better assess risk of this vulnerability to their operations.  Please see Common Vulnerability Scoring System for more information on the definition of these metrics. 

Esri Bug ID: BUG-000145824

Acknowledgements: Hussein Bahmad

Next Article

Sea Change

Read this article