A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
References
Link | Resource |
---|---|
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image | Vendor Advisory |
Configurations
History
23 Feb 2024, 19:38
Type | Values Removed | Values Added |
---|---|---|
First Time |
Esri arcgis Server
|
|
CPE | cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:* |
30 Mar 2021, 17:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-imageĀ - Vendor Advisory | |
CWE | CWE-416 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
25 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-25 21:15
Updated : 2024-02-23 19:38
NVD link : CVE-2021-29093
Mitre link : CVE-2021-29093
CVE.ORG link : CVE-2021-29093
JSON object : View
Products Affected
esri
- arcgis_server
CWE
CWE-416
Use After Free