CVE-2024-51958
Last modified
CVE-2024-51958 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.. EPSS estimates a 0.56% chance of exploitation in the next 30 days.
Description
There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Esri | Arcgis Server | >= 10.9.1, <= 11.3 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-51958?
How severe is CVE-2024-51958?
How do I fix CVE-2024-51958?
Are you affected by CVE-2024-51958?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST