1 results (0.003 seconds)
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-2538 – BUG-000174336
https://notcve.org/view.php?id=CVE-2025-2538
20 Mar 2025 — A specific type of ArcGIS Enterprise deployment, is vulnerable to a Password Recovery Exploitation vulnerability in Portal, that could allow an attacker to reset the password on the built in admin account. A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote authenticated attacker to gain administrative access to the system. A specific type of ArcGIS Enterprise deployment is vulnerable to a Password Recovery E... • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-1-patch • CWE-798: Use of Hard-coded Credentials •