Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
References
Link | Resource |
---|---|
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image | Vendor Advisory |
Configurations
History
23 Feb 2024, 19:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:* | |
First Time |
Esri arcgis Server
|
27 Mar 2021, 03:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CWE | CWE-824 | |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
CWE | CWE-824 | |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CWE | CWE-824 | |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CWE | CWE-824 | |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
CWE | CWE-824 | |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CWE | CWE-824 | |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CWE | CWE-824 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
CWE | CWE-824 | |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CWE | CWE-824 | |
CWE | CWE-824 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CWE | CWE-824 | |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
CWE | CWE-824 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory | |
CWE | CWE-824 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image - Vendor Advisory |
25 Mar 2021, 22:18
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CPE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CWE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CWE | ||
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE |
25 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-25 21:15
Updated : 2024-02-23 19:38
NVD link : CVE-2021-29095
Mitre link : CVE-2021-29095
CVE.ORG link : CVE-2021-29095
JSON object : View
Products Affected
esri
- arcgis_server
CWE
CWE-824
Access of Uninitialized Pointer