ArcGIS Trust Center

Portal for ArcGIS Security 2024 Update 1 released

Esri has released the Portal for ArcGIS Security 2024 Update 1 Patch, resolving multiple high and medium severity security vulnerabilities across versions 11.2, 11.1, 10.9.1 and 10.8.1

 

This patch was released on April 4th, 2024, and is available here.

 

We provide Common Vulnerability Scoring System v.3.1 (CVSS) scores to allow our customers to better assess the risk of these vulnerabilities to their operations. Both base and modified temporal scores are provided to reflect the availability of an official patch.

Vulnerabilities fixed by this patch.

 

Directory Traversal – (Path Traversal)

 

CVE Details: CVE-2024-25693

CWE-22 Improper Limitation of a Pathname to a Restricted Directory

Base CVSS: 9.9 Temporal Score: 8.9

 

Access Control – (Improper Authentication)

 

CVE Details: CVE-2024-25699

CWE-287 Improper Authentication

Base CVSS: 8.5 Temporal CVSS: 7.6

 

Cross Site Scripting – (XSS)

 

CVE Details: CVE-2024-25695

CWE- 79 Improper Neutralization of Input During Web Page Generation

Base CVSS: 7.2 Temporal CVSS: 6.5

 

Cross Site Scripting – (XSS)

 

CVE Details: CVE-2024-25698

CWE-79 Improper Neutralization of Input During Web Page Generation

Base CVSS: 6.1 Temporal Score: 5.5

 

Cross-Site Request Forgery (CSRF)

 

CVE Details: CVE-2024-25692

CWE-352: Cross-Site Request Forgery (CSRF)

Base CVSS: 5.4 Temporal CVSS: 4.9

 

Cross Site Scripting – (XSS)

 

CVE Details: CVE-2024-25697

CWE- 79 Improper Neutralization of Input During Web Page Generation

Base CVSS: 5.4 Temporal Score: 4.9

 

Cross Site Scripting – (XSS)

 

CVE Details: CVE-2024-25696

CWE- 79 Improper Neutralization of Input During Web Page Generation

Base CVSS: 4.8 Temporal CVSS: 4.3

 

Cross Site Scripting – (XSS)

 

CVE Details: CVE-2024-25708

CWE-79 Improper Neutralization of Input During Web Page Generation

Base CVSS: 4.8 Temporal CVSS: 4.3

 

Cross Site Scripting – (XSS)

 

CVE Details: CVE-2024-25690

CWE-79 Improper Neutralization of Input During Web Page Generation

Base CVSS: 4.7 Temporal CVSS: 4.2

Next Article

New! Probabilities in Forest-based and Boosted Classification in ArcGIS Pro 3.3

Read this article