CVE-2022-38202
BUG-000152121 - Directory traversal vulnerability in ArcGIS Server.
Public Exploits: 0
Exploited in Wild: -
Descriptions
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker to traverse the file system and access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets).
Timeline
- 2022-08-12 CVE Reserved
- 2022-12-28 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-23: Relative Path Traversal
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Esri | ArcGIS Server | <= 10.9.1 | - | Affected |